Athena Security, a provider of analysis tools for managing and simplifying firewall configuration complexity, today announced the release of FirePAC, a software tool that enables network managers to simplify firewall configurations, support device migration and automate firewall reviews.

 

According to Athena Security, the common errors in a firewall configuration range from incorrect rule ordering and grouping of network objects to improperly comprehending the complex interactions between multiple routing, address translation, and filtering rules. While addressing these issues by manual rule-by-rule inspection, the firewall hides many inter-relationships between the rules, and the result can be misleading.

 

FirePAC understands the firewall rules in context to the entire rule set and gives an accurate way to identify policy conflicts. It removes the access control list (ACL) rules that create policy conflicts while keeping the semantics of the firewall unchanged. Athena Security says that FirePAC runs the analysis offline, so it does not pose any risk to production networks.

 

The most important application of FirePAC tools is in security operations initiatives such as migrating from Cisco (News - Alert) PIX firewall to Adaptive Security Appliances (ASA) or reducing the amount of manual effort and expense required to perform in-depth firewall reviews, the company said.

 

Athena FirePAC offers three capabilities for network engineers: policy analysis, anomaly detection and policy comparison.

 

FirePAC offers end-to-end firewall policy analysis that shows the impact on packet flow when all the ACL, Network Address Translation (NAT) and routing rules are combined together in addition to the device’s implicit behavior. Additionally it performs 90+ firewall audit checks and shows which ACL rules are executed for any specified policy query.

 

The anomaly detection feature of FirePAC provides reports that pinpoint more rules for optimizing a configuration.

 

Policy comparison is a feature of FirePAC by which it allows users to detect policy errors before they are deployed to production networks. In this method, FirePAC compares two revisions of a configuration file and automatically calculates the impact on firewall service availability.

 

With the help of this pragmatic tool, network engineers can save a lot of precious time, say Athena Security officials. It ensures a correct configuration that allows only essential services in and out of the firewall.

 

“Athena designed FirePAC to help relieve some of the high pressure demands of being a network professional,” says Adarsh Arora, CEO of Athena Security. “It saves time so network engineers can more quickly correct network errors, troubleshoot, and prevent or mitigate impending network issues.”

 

The software is easy to use and install and is available as downloadable software for free evaluation and online purchase.

 

There are a limited number of tools available to verify firewall policies. Because of this, most configurations are riddled with policy errors. These errors can result in malicious traffic entering the networks or blocking legitimate traffic.

 

“Because they were the first network security solution deployed by most organizations, firewall policies have grown out of hand,” says Richard Stiennon, a security industry blogger for Network World (News - Alert). “Tools to evaluate, simplify and optimize firewall rule sets are becoming required elements of a security department's capabilities.”