RootPrompt.org: Auditing Your Firewall Setup

[ Thanks to Noel
for this link. ]

“You’ve just finished implementing your new, shiny firewall. Or
perhaps you’ve just inherited several new firewalls with the
company merger. Either way, you are probably curious as to whether
or not they are implemented properly. Will your firewalls keep the
barbarians out there at bay? Does it meet your expectations? This
paper will help you find out. Here you will find a guide on how to
audit your firewall and your firewall rulebase. Examples provided
here are based on Check Point FireWall-1, but should apply to most

“This paper can help you in one of two situations. First,
you have certain expectations of what your firewall can or cannot
do and you want to validate those expectations. Second, you do not
know what to expect, so you need to audit your firewall to learn
Either way, this paper can hopefully help you out. We
are not going to cover how to audit or “hack” a network, that is a
different subject. Also, we are not going to discuss which firewall
is better then others, each firewall has its own advantages and
disadvantages. What is going to make or break you is not choosing
the “best” firewall, but implementing it correctly. That is the
purpose of this paper, making sure our firewall is correctly
implemented and behaves as we expected it.”

“Our first step in auditing our firewall is defining what we
expect. What do we want our firewall to do? Most of you should have
this already defined in the form of a security policy. Make sure
you have an understanding of these expectations before you verify
your firewall setup. That way, when you are done with the process,
you can compare the results to your expectations.”