FirePAC v3.7 Adds Support For Object Usage
We recently released Athena FirePAC v3.7, which adds several cool features to help you get a handle on out-of-control firewall configurations. The new features make it much easier to identify object definitions that are not needed and to deploy consistent and systematic object definitions across an inventory of firewalls.
Object usage analysis helps you determine how objects are being used on a per-rule basis and also globally for each object. For firewalls like Juniper Netscreen and Check Point, which allow multiple values in the source, destination, and service fields, you can now determine how much each object contributes to the overall usage of a rule. For example, suppose you have the following rule in a Netscreen firewall:
| ID | Source | Destination | Service | Action |
| 17 | client1 client2 client3 |
abc_dmz_proxies abc_dmz_remotes xyz_dmz_proxies xyz_dmz_remotes |
HTTP HTTPS HTTP-ALT 8000 |
 |
You’d like to know which of the DMZ proxy and remote destination objects specified by this rule are actually being hit. Looking at the hit counts for the rule will only tell you that the rule is being used, but it will not tell you which of the objects in the rule are actually being used. The new object usage analysis in Athena FirePAC will tell you exactly the percentage of total hits to the rule is contributed by each object. This gives you valuable information about the traffic passing through your firewall and can help you identify which objects are unnecessary and can be removed from the rule.
You can also find out the aggregate usage of each network or service object in the configuration. This makes it very easy to identify the objects that are not being used at all and can be removed.
Check it out! You can download a free evaluation of Athena FirePAC from our web site.
Tags: Athena FirePAC, Juniper Netscreen, object cleanup, rulebase optimization