Hi,

If you are willing to use a commercial solution, check out www.algosec.com.
It does everything you asked about, and then some: risk assessment with
built-in knowledgebase, what is open, rule usage statistics & reordering,
change tracking, SOX compliance - all in a convenient web-based report.

It's WAY better than a spreadsheet ...

Disclaimer: I've been working on firewall analysis for many years,
both in academia and industry, and
I'm affiliated with AlgoSec, so I'm biased.

HTH,
Avishai

On 9/19/07, jacob c wrote:
> I'm a newbie to the PIX line but these questions would apply to other
> firewalls as well. I have some questions that I hope you guys can assist me
> with.
>
> Two Questions:
> 1) What is the best/easiest way to document a current policy? Spreadsheet??
> I would like to know what ports (services) are open and to where? Also
> duplicates, etc.? Would it be best just to put it in a spreadsheet? Is there
> a tool for this?
> 2) Once an audit/analysis has been made, what is a good way to make the new
> changes, if there are many? Would it be best just to download the config and
> modify it offline?
> 3) What is the method to see what rules are being hit the most so I can
> rearrange the rules in the most logical, efficient order?
> 4) Is there a standard analysis checklist to go by when reviewing a PIX
> firewall policy?
> Any help is highly appreciated.
> Thank you,
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards
>
>



--
Avishai Wool, Ph.D., Co-founder and Chief Technical Officer
http://www.algosec.com
******* Firewall Management Made Smarter ******