Firewall Rule submission software

Im looking for an application that allows engineers to make firewall rule requests. Should be browser friendly. Application will notify approver of a submission and feedback from approver logged in the requestor's list of firewall rules. Note Im not looking for something that integrates with live firewalls or generates configuration. Essentially just a submission and approval application for firewall rule requests is required.

Any thoughts? I found matasano but remain unconvinced..

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Panzer919

I know this is probably not going to be the answer your looking for but, do you have any developers that work for your company who could just create a couple web pages to hash all this out? We have a couple systems in place that out in house developers created for situations like this.

DevilWAH

if all you want is a basic form, and aproval system, why not write one?

There are plenty of change manament systems out there, (Remedy for one). But they all cost money and need to be cusomised. Only really good for large instualtions. a few of the customers we do fire wall changes for use Reemdy as there over all change managemnt system.

But at my last copany we use an in house built web based system, built by an engineer in there spare time over a few weeks.

there are a few differet change manament packages out there, but I have only seen the enterprise one in use.

hope that helps

it_consultant

How many engineers are we talking about? I think a regular ticketing system is the closest thing to this.

Turgon

Panzer919 wrote: »

I know this is probably not going to be the answer your looking for but, do you have any developers that work for your company who could just create a couple web pages to hash all this out? We have a couple systems in place that out in house developers created for situations like this.

Yes it's an option although the developers are rather overrun with work.

Forsaken_GA

Alot of collaboration suites or project management suites will do what you're looking for.

We use JIRA for this, and other work orders. Essentially, some one creates the case in Jira, it gets voted upon by the relevant change management team, and then the case is assigned to someone for implementation, assuming it passes. We also use it to track bugs. If you're looking for free tools, you can probably use Traq or Redmine, or any of the other varieties. Firewall rule requests are essentially just change management issues, so they can be addressed with the plethora of tools that already exist to handle that, there's really no need for a specialized tool.

GT-Rob

I evaluated an application called 'Tufin' not long ago, which sort of did what you mention. It tries to manage the "life cycle of a firewall change", from the request, implementation, and eventual decomission when its no longer used. It worked with Checkpoint, Cisco, etc. Worth checking out if you have spare time, they will give you a 30 day trial.

*edit* what we currently used was just a spreadsheet that the requestor would fill out after a ticket was submitted. Maybe not as scalable though for larger orgs.

DevilWAH

Forsaken_GA wrote: »

Alot of collaboration suites or project management suites will do what you're looking for.

We use JIRA for this, and other work orders. Essentially, some one creates the case in Jira, it gets voted upon by the relevant change management team, and then the case is assigned to someone for implementation, assuming it passes. We also use it to track bugs. If you're looking for free tools, you can probably use Traq or Redmine, or any of the other varieties. Firewall rule requests are essentially just change management issues, so they can be addressed with the plethora of tools that already exist to handle that, there's really no need for a specialized tool.

Indeed, this is standare Change managment process.

The only reason you would want specialized software is if you want the software to do some of the validating for you.

While many of the 'cheaper' application will allow you configure things such as a list of devices that must be picked from (no free text). the more specialized ones, can be set up to preform simple logic (or complex) checks to insure things like you are not asking for changes that would break the company security policy. Or if you put in a complex change, they will atomaticaly set a different set of aproves than for a simple change. This auto addition of aprovers based on location of change or type of change can be usefull for large companys to help stream line the process.

Turgon

Forsaken_GA wrote: »

Alot of collaboration suites or project management suites will do what you're looking for.

We use JIRA for this, and other work orders. Essentially, some one creates the case in Jira, it gets voted upon by the relevant change management team, and then the case is assigned to someone for implementation, assuming it passes. We also use it to track bugs. If you're looking for free tools, you can probably use Traq or Redmine, or any of the other varieties. Firewall rule requests are essentially just change management issues, so they can be addressed with the plethora of tools that already exist to handle that, there's really no need for a specialized tool.

In our case there is. Our change control system is inadequate as a dedicated firewall change submission system along the lines I have in mind.

Forsaken_GA

Turgon wrote: »

In our case there is. Our change control system is inadequate as a dedicated firewall change submission system along the lines I have in mind.

Well, custom needs usually means custom coding.

I'm curious as to what makes standard change control inadequate, if you don't mind sharing (and, of course, it won't compromise operational security)

Turgon

Forsaken_GA wrote: »

Well, custom needs usually means custom coding.

I'm curious as to what makes standard change control inadequate, if you don't mind sharing (and, of course, it won't compromise operational security)

The change control system is monolithic and does not lend itself to a portal specifically tailored to firewall rule submission. Too much of everything in there, and while that works pretty well as an overall approval system we are looking at dedicated firewall teams and want something firewall centric. Rather similar to firewall rule approval systems I have seen when contracting at BT and O2.

NightShade03

This should do exactly what you are looking for...

FireMon: Change Management