Rule Tracker Solution in FirePAC v4.2
The new release of Athena FirePAC v4.2 adds several capabilities to the comprehensive firewall audit and operations tool you’ve come to know. The most exciting of these is Rule Tracker. This tool allows you to record the reason why individual rules exist and track the changes in documentation as the rules change and evolve over time. Documenting the business purpose of firewall rules has become a pressing issue with compliance auditors, such as PCI QSAs, demanding to know the reason for each rule in the firewall. Traditional change management systems keep track of change requests, but knowing which rules were modified because of a specific CMR ticket is virtually impossible. Network engineers typically feel the need to deploy changes quickly and disdain cumbersome process-heavy change systems that get in the way of making it work now. Documenting the change takes a distant second-place as the next fire comes along and needs to be put out.
Rule Tracker offers an easy way to set things right. Unlike elaborate systems that may involve months of process re-alignment, Rule Tracker recognizes that teams collaborate far more easily with spreadsheets. By using a spreadsheet approach and built-in intelligence to make the system highly user-friendly, Rule Tracker is flexible enough to be used in any change process. It compares two versions of a configuration and identifies precisely what changed. The changes can be exported to a spreadsheet format and the missing documentation can be added at any time, based on the changes that were made. The resulting annotations can then be imported back into FirePAC from the spreadsheet format, where they will be automatically retained and are available for review and reporting. While the system is designed to keep documentation current on a perpetual basis, consultants will also find the tool a handy way to bring clients up-to-date on regularly scheduled intervals.
I’ve recorded a video that shows how Rule Tracker works, which you can view here. Check it out!
In an upcoming post, I’ll be describing another new feature in FirePAC v4.2, the NAT Browser.