Tracking changes to firewall configs?

Posted by jmreicha on Server Fault See other posts from Server Fault or by jmreicha
Published on 2012-06-15T14:23:53Z Indexed on 2012/06/15 15:18 UTC
Read the original article Hit count: 383

Filed under:

firewall

|

change-management

|

revision-control

Myself and one other indivdual will be taking over some of the daily firewall management duties soon and I'm looking for a way to track changes on our firewall configurations for auditing purposes and need some ideas on a good way to track changes the changes that are made.

I don't have a lot of specific criteria but here are some of the basic things I would like to be able to do:

Access to previous revisions of firewall configs
Access to changes made and by whom
When specific changes were made

I'm wondering if some sort of revision control software would work here as a way to track the the changes? Or if some other approach would work better for managing the change control in this situation.

I'm open to any and all suggestions at this point.

EDIT:

We are using a Checkpoint pair, one passive one active configuration. I will update again with specific model numbers when I get a chance.

© Server Fault or respective owner

Related posts about firewall

Managed hosting firewall vs managing own firewall

as seen on Server Fault - Search for 'Server Fault'
I posted on stackoverflow as to the overall benefits of managed hosting vs non-managed hosting. The more I think about it, it seems to boil down to one question: should I use a managed host because they take care of the firewall, or would I be okay managing my own, software firewall? The sites… >>> More
Hardware firewall vs VMWare firewall appliance

as seen on Server Fault - Search for 'Server Fault'
We have a debate in our office going on whether it's necessary to get a hardware firewall or set up a virtual one on our VMWare cluster. Our environment consists of 3 server nodes (16 cores w/ 64 GB RAM each) over 2x 1 GB switches w/ an iSCSI shared storage array. Assuming that we would be dedicating… >>> More
Firewall behind firewall

as seen on Server Fault - Search for 'Server Fault'
I've recently changed jobs and I've been set up with a new workstation. On all previous places where I've been working they've had some sort of local firewall installed on each and every workstation - but here I've been told not to activate it because it is not necessary since we're already behind… >>> More
We have no SW Firewall behind our office HW firewall, admin says its not req'd

as seen on Server Fault - Search for 'Server Fault'
I've recently changed jobs and I've been set up with a new workstation. On all previous places where I've been working they've had some sort of local firewall installed on each and every workstation - but here I've been told not to activate it because it is not necessary since we're already behind… >>> More
Can't get FTP to work on centOS 5.6

as seen on Server Fault - Search for 'Server Fault'
Hi guys I have been trying for a few hours to install and get FTP to work... I did yum install ftp and yum install vsftpd They all installed and are running but when I try to use filezilla or some other client I just can't connect....I've tried connecting on port 21 and port 990 ....nothing! These… >>> More

Related posts about change-management

Change Management Software

as seen on Server Fault - Search for 'Server Fault'
I manage an 80,000 user CIS application written in Uniface. Every form in the application, and many of its processes, are represented by .frm files. We have hundreds of these files and 5 instances of the application. Instances include multiple production installations which must be kept sync'd. We… >>> More
Change Management Best Practices for the Engineering and Construction Industries

as seen on Oracle Blogs - Search for 'Oracle Blogs'
This Industry AppsCast will discuss the change management best practices for system implementation as it relates to the Engineering and Construction industries. >>> More
Cox Communications' Strategic Approach to Enterprise User Experience: How Change Management and Usab

as seen on Oracle Blogs - Search for 'Oracle Blogs'
Author: Anna Wichansky, Senior Director, Applications User Experience, and Chair, Oracle Usability Advisory Board As part of our work in the User Experience group, our teams often go to Customer events such as the Higher Education User Group (HEUG) conference, Alliance 2010. This year's event… >>> More
Database Change Management - Setup for Initial Create Scripts, Subsequent Migration Scripts

as seen on Stack Overflow - Search for 'Stack Overflow'
I've got a database change management workflow in place. It's based on SQL scripts (so, it's not a managed code-based solution). The basic setup looks like this: Initial/ Generate Initial Schema.sql Generate Initial Required Data.sql Generate Initial Test Data.sql Migration 0001_MigrationScriptForChangeOne… >>> More
Database change management tools?

as seen on Stack Overflow - Search for 'Stack Overflow'
We are currently in the process of solidifying a database change management process. We run MySql 5 running on RedHat 5. I have selected LiquiBase as the tool because it's open source and allows us to expand its functionality later if needed. It also seems to be one of the few free projects that are… >>> More