These three tools build Checkpoint, Cisco ASA or Netscreen policies from log files. They write dbedit, access-list or set address, set service and set policy commands for the traffic seen in the logs, which can be cut and pasted into the firewalls. WOOT
Website | http://www.360-faar.com/360faar/opensource
Tags | Firewalls, Monitoring, Security
License | GNU General Public License version 2.0 (GPLv2)
Platform | BSD, Linux, Mac, Windows
Features |
- Build Checkpoint FW-1 policies from exported logs and output in DBEDIT format
- Build Netscreen policies from syslog and output in ScreenOS 6 format
- Build Cisco ASA ACLs from syslog and output in access-list format
- Cut and paste the commands output into the firewall to create a policy
- Or output the rules in CSV format to cross check them (Netscreen, Checkpoint)
- Baseline a test network and build a policy for the test firewall in one command!!
- Close open or 'test' rules and secure management connections
- Cross check traffic is seen on the correct interfaces
- Two filters each of which can filter against any part of the log entry
- Names resolved in the logs are used in policies but no object cmds are output
- Rename ACLs and use the access group statements to filter further (Cisco)
- Easy method of ignoring headers added by syslog servers
- FW-1: EASY TO EXECUTE ./choot logexport.log CMD Policy filter1 filter2
  - DBEDIT cmd = Build rules and objects and output in DBEDIT format
    - DBEDIT mode requires a policy name before the filters.
  - CSV cmd = Build rules and objects and output in CSV format
  - DEBUG cmd = Output more verbose information - each entry grep | awk ...
- CISCO: EASY TO EXECUTE ./woot logfile CMDorACL filter1 filter2
  - SRCINT cmd = use the source interface as the ACL name
  - ACLNAME cmd = use access-gr cmds in file ACLNAME in same dir as woot
  - DEBUG cmd = Output more verbose information - each entry ... | sort -u etc
  - A name, an access list name of your choice to which all ACEs will be assigned
- NETSCREEN: EASY TO EXECUTE ./nwoot logfile CMD filter1 filter2
  - ZONE cmd = Build rules and objects and output in Netscreen ScreenOS format
  - CSV cmd = Build rules and objects and output in CSV format
  - DEBUG cmd = Output more verbose information - each entry grep | wc -l etc
- CHECKPOINT FW-1 EXAMPLE COMMANDS:
  - ./choot logexport.log DBEDIT PolicyName eth2c0 161
  - ./choot logexport.log CSV ServerName domain-udp
  - ./choot logexport.log DEBUG 10.0.0 eth1c0
  - or just
  - ./choot logexport.log DBEDIT PolicyName
  - ...if you want a policy built for all traffic seen
- CISCO EXAMPLE COMMANDS:
  - cat access-groups-from-asa > ACLNAME
  - ./woot ASA.log ACLNAME 10.10. \/53
  - ./woot ASA.log SRCINT 12:01 10.10.10
  - ./woot ASA.log testaclname 10.50. 10.10.10
  - ./woot ASA.log DEBUG ServerName12 \/443
  - ./woot ASA.log ACLNAME
  - ...if you want all access lists built for all access group statements
- NETSCREEN EXAMPLE COMMANDS:
  - ./nwoot Netscreen.log DEBUG 10.10. dst_port=53
  - ./nwoot Netscreen.log ZONE 12:01 ServerName
  - ./nwoot Netscreen.log CSV ZoneName 443
  - ./nwoot Netscreen.log ZONE
  - ...if you want all policies built for all zones
- !! I DON'T RECOMMEND YOU USE THESE TOOLS ANYWHERE !! WOOT !!
- WRITTEN IN SIMPLE Perl - NEEDS ONLY STANDARD MODULES
|