360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate, and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA, or ScreenOS commands. It is all contained in one file. It can read policy and logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), and Cisco ASA (show run / syslog format). It uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalization at the same time as removing unused connectivity. It supports policy to log association, object translation, rulebase reordering and simplification, rule moves, and duplicate matching automatically. It allows you to seamlessly move rules to where you need them. 'print' mode creates a spreadsheet for your audit needs with one command.
|Tags||Firewall Analysis Netscreen CheckPoint Policy Firewall Networking Log Analysis cisco rulebase Monitoring Internet Firewall Analyzer Firewalls cli|
|Operating Systems||Unix Linux Windows OS X|
Link Added To Project: http://360-faar.com/support/userguide/360-FAAR%20User%20Guide%20v1.1.pdf
Release Notes: This is the first release of 360-FAAR Enhanced. This version of 360-FAAR supports all original functionality and enhances this by adding "complex" processing modes which retain the firewall rulebases structure and are also capable of handling complex enterprise firewall policies with very high fidelity. Drop, Reject, and Encrypt rule structures are maintained as well as Accept rules. This is a separate code branch from 360-FAAR 0.4.x.
Release Notes: This release fixes netscreen group name translation bugs. Empty groups are not matched in build_rules subs. Comments are output in 'set name' statements in policy id mode for netscreen rulebases. Netscreen rule 'name' strings are added with rule descriptions, and net ranges are translated as ranges. Some default services have been updated with a few new services definitions. 'rr' mode 'nat' defaults have been added, the same as 'yes' defaults with CIDR filter NAT translations switched on.
Release Notes: This release fixes rulebase output bugs when using the 'cl' option in 'rr' mode. Netscreen rulebase numbers now output usable rule numbers in 'cl' rulebases. The ctrl-c panic when reading logs is fixed. 'rr' mode 'log' defaults now switch off 'Any' rule to object and service object resolution. New 'rr' mode 'res' defaults now switch on most resolution and matching options.
Release Notes: This release adds the "resolve services from 'Any' objects" and the "resolve 'Any' network objects to known nets" option to the 'rr' mode. These new 'rr' mode options require that a log file is loaded and that the output policy is filtered using it. When connectivity is found in the logs which matches a policy instance with the 'Any' service specified, the proto and port or known supernet from the logs are used in the output policy. Resolved objects are reported during the rule build stages and should be added manually.
Release Notes: This release adds the 'hc' option to build rules in 'rr' mode and arrange the most hit new rules at the top. Beware: hit count rules are not 100% reliable at present. Hit counts can be multiplied for multi IP objects. 'cl' mode rules now use the original global rule number instead of incrementing it by 1. The defaults have been changed slightly, and a 'log' defaults option added. This release fixes a bug in 'load' mode trying to load files from '.', and Checkpoint rules that are not logged with a rule number are handled now.