Policy Planner
Making changes to firewall policies can be difficult and time-consuming. FireMon® Security Manager’s
Policy Planner can reduce the effort required to make firewall changes while ensuring
that the right changes are made.
Policy Planner is a web-based system for collecting firewall change tickets,
recommending rule changes, and allowing for audit validation. Policy Planner enables
IT security organizations to gain significant efficiency by automating the change
process and giving firewall administrators tools to make accurate and compliant
rulebase changes.
Rule Recommendation
Security Manager’s Rule Recommendation analyzes the current behavior of the rule set and
can instantaneously determine the necessary change. Common scenarios that Rule Recommendation
can assist with are:
- No Change Necessary – Often, the firewall’s standard policy allows for the necessary
business services, but standard processes include submitting requirements to the
security team. When the access already exists, Security Manager can help abbreviate the
change process by identifying that no change is required prior to any engineering
effort.
- Similar Access Exists – New rules can be the knee-jerk reaction to any new request.
That can lead to a surplus of rules, which can increase the complexity of the policy.
Rule Recommendation finds rules that allow similar access to the new request so
small modifications can be made.
Change Ticket Audit and Verification
Firewall change requests can be difficult to audit and validate. In most
organizations, the change control data is locked in a workflow system without reference
to the implementation.
Using Policy Planner, managers and auditors can, in a single report, validate
that the requested access was appropriately engineered, approved by security, and
implemented as approved.
Once verified, change ticket information from Policy Planner flows back into Security Manager
and is tagged to the rule that was modified, creating a full lifecycle of rule history.