Firewall Rule submission software
Im looking for an application that allows engineers to make firewall rule requests. Should be browser friendly. Application will notify approver of a submission and feedback from approver logged in the requestor's list of firewall rules. Note Im not looking for something that integrates with live firewalls or generates configuration. Essentially just a submission and approval application for firewall rule requests is required.
Any thoughts? I found matasano but remain unconvinced..
Any thoughts? I found matasano but remain unconvinced..
Comments
-
Panzer919
Member Posts: 462
I know this is probably not going to be the answer your looking for but, do you have any developers that work for your company who could just create a couple web pages to hash all this out? We have a couple systems in place that out in house developers created for situations like this.Cisco Brat Blog
I think “very senior” gets stuck in there because the last six yahoos that applied for the position couldn’t tell a packet from a Snickers bar.
Luck is where opportunity and proper planning meet
I have not failed. I've just found 10,000 ways that won't work.
Thomas A. Edison -
DevilWAH
Member Posts: 2,997 ■■■■■■■■□□
if all you want is a basic form, and aproval system, why not write one?
There are plenty of change manament systems out there, (Remedy for one). But they all cost money and need to be cusomised. Only really good for large instualtions. a few of the customers we do fire wall changes for use Reemdy as there over all change managemnt system.
But at my last copany we use an in house built web based system, built by an engineer in there spare time over a few weeks.
there are a few differet change manament packages out there, but I have only seen the enterprise one in use.
hope that helps- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com -
it_consultant
Member Posts: 1,903
How many engineers are we talking about? I think a regular ticketing system is the closest thing to this. -
Turgon
Banned Posts: 6,308 ■■■■■■■■■□
I know this is probably not going to be the answer your looking for but, do you have any developers that work for your company who could just create a couple web pages to hash all this out? We have a couple systems in place that out in house developers created for situations like this.
Yes it's an option although the developers are rather overrun with work. -
Forsaken_GA
Member Posts: 4,024
Alot of collaboration suites or project management suites will do what you're looking for.
We use JIRA for this, and other work orders. Essentially, some one creates the case in Jira, it gets voted upon by the relevant change management team, and then the case is assigned to someone for implementation, assuming it passes. We also use it to track bugs. If you're looking for free tools, you can probably use Traq or Redmine, or any of the other varieties. Firewall rule requests are essentially just change management issues, so they can be addressed with the plethora of tools that already exist to handle that, there's really no need for a specialized tool. -
GT-Rob
Member Posts: 1,090
I evaluated an application called 'Tufin' not long ago, which sort of did what you mention. It tries to manage the "life cycle of a firewall change", from the request, implementation, and eventual decomission when its no longer used. It worked with Checkpoint, Cisco, etc. Worth checking out if you have spare time, they will give you a 30 day trial.
*edit* what we currently used was just a spreadsheet that the requestor would fill out after a ticket was submitted. Maybe not as scalable though for larger orgs. -
DevilWAH
Member Posts: 2,997 ■■■■■■■■□□
Forsaken_GA wrote: »Alot of collaboration suites or project management suites will do what you're looking for.
We use JIRA for this, and other work orders. Essentially, some one creates the case in Jira, it gets voted upon by the relevant change management team, and then the case is assigned to someone for implementation, assuming it passes. We also use it to track bugs. If you're looking for free tools, you can probably use Traq or Redmine, or any of the other varieties. Firewall rule requests are essentially just change management issues, so they can be addressed with the plethora of tools that already exist to handle that, there's really no need for a specialized tool.
Indeed, this is standare Change managment process.
The only reason you would want specialized software is if you want the software to do some of the validating for you.
While many of the 'cheaper' application will allow you configure things such as a list of devices that must be picked from (no free text). the more specialized ones, can be set up to preform simple logic (or complex) checks to insure things like you are not asking for changes that would break the company security policy. Or if you put in a complex change, they will atomaticaly set a different set of aproves than for a simple change. This auto addition of aprovers based on location of change or type of change can be usefull for large companys to help stream line the process.- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com -
Turgon
Banned Posts: 6,308 ■■■■■■■■■□
Forsaken_GA wrote: »Alot of collaboration suites or project management suites will do what you're looking for.
We use JIRA for this, and other work orders. Essentially, some one creates the case in Jira, it gets voted upon by the relevant change management team, and then the case is assigned to someone for implementation, assuming it passes. We also use it to track bugs. If you're looking for free tools, you can probably use Traq or Redmine, or any of the other varieties. Firewall rule requests are essentially just change management issues, so they can be addressed with the plethora of tools that already exist to handle that, there's really no need for a specialized tool.
In our case there is. Our change control system is inadequate as a dedicated firewall change submission system along the lines I have in mind. -
Forsaken_GA
Member Posts: 4,024
In our case there is. Our change control system is inadequate as a dedicated firewall change submission system along the lines I have in mind.
Well, custom needs usually means custom coding.
I'm curious as to what makes standard change control inadequate, if you don't mind sharing (and, of course, it won't compromise operational security) -
Turgon
Banned Posts: 6,308 ■■■■■■■■■□
Forsaken_GA wrote: »Well, custom needs usually means custom coding.
I'm curious as to what makes standard change control inadequate, if you don't mind sharing (and, of course, it won't compromise operational security)
The change control system is monolithic and does not lend itself to a portal specifically tailored to firewall rule submission. Too much of everything in there, and while that works pretty well as an overall approval system we are looking at dedicated firewall teams and want something firewall centric. Rather similar to firewall rule approval systems I have seen when contracting at BT and O2.
