I guess it really depends on what the scripts do... Either way, I would schedule an outage window if I were you. If this is a production firewall, you don't want to run a test like this and assume nothing will break. That doesn't mean you have to take it down, but I would schedule a window so that potentially affected users know that maintenance will be done and a short outage is possible...
Shawn Duffy, CCNA CCSE
email: pakkit at codepiranha dot org
web: http://codepiranha.org/~pakkit
gpg key: http://codepiranha.org/~pakkit/pakkit.asc
gpg fpr: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A
having problems reading email from me? http://codepiranha.org/~pakkit/pgp-trouble.html

On Thu, 29 May 2003 [EMAIL PROTECTED] wrote:

> My agency has Symantec Enterprise Firewall V6.5.0 and it needs to be re-certified as
> being security compliant; to accomplish this we will run a series of scripts against
> the OS (WINNT 4.0).
>
> The bottom line question is: do we need to bring this firewall off line to run the
> scripts?
>
> The scripts only evaluate the values of the registry and not the functioning of the
> firewall software; we have reviewed the current rules and have accepted them as
> adequate, but must complete the OS verification. After the OS assessment we will
> conduct penetration testing.
>
> Any recommendations or comments to our concept of verifying our firewall's security
> are welcomed.
>
> Kurt Myers
> IA Officer
