Juniper Networks has one of the best firewall solutions on the market and we are pleased to have been a partner of Juniper’s for some time. We have grown FireMon’s support for NetScreen dramatically over the years, and FireMon continues to be the most full-featured firewall management solution for Juniper firewalls.
Our change management process tool, Policy Planner, is a great workflow solution for Juniper firewalls. Users can enter requirements directly into the web-based interface, where Policy Planner captures the business requirement and compliance justification. Then, FireMon uses its knowledge of the firewall configuration to see if the change is necessary. If it’s not, you can close the ticket. If a change is necessary, FireMon will give you some interesting additional information, like if any rules already provide similar access or where the traffic is dropped, to help with placement of a new rule.
All of those analysis features are built on our leading Policy Test engine. Policy Test allows for the offline modeling of packets through the firewall policy to see how the rules currently handle the traffic. It’s a great tool for testing behavior or searching the policy (like every rule that has a specific network as a destination, or every rule that contains the HTTP service).
Policy Test has been updated recently for Juniper firewalls to include analysis of interfaces, zones and routes. So as you test scenarios, you can see the routing and zone information in the same result with the security rules that impact the traffic.
Another feature that our Juniper customers love is Traffic Flow Analysis. Traffic Flow inspects a security rule and identifies flows — which sources are using which destinations over which services. With this info, you can understand your policies better and clean up rules that are defined too broadly.
As always, our compliance framework is great for analyzing configurations against PCI, NERC or best practice standards and is completely customizable to accommodate your unique needs.
If you use NetScreen firewalls today, I’d invite you to come try FireMon. We offer free trials of our software and we know you’ll be excited about the management functionality we can provide to augment your Juniper administration. You can learn more here.