I am looking at doing an audit of the policies installed on a HA
passive/active firewall setup with NSRP. The primary is running at
about 80% CPU or so, the backup is about 5%. As such, I am a bit
hesitant (to say the least) about putting policy logging on as it may
kill the firewall.

Is it possible somehow to have logging on just the redundant firewall?
My other, perhaps long way of doing this is to convert the current
policies and, say, parse into snort rules and observe through a port tap
- the number of 'positive' hits on the IDS.

Does anyone have any other suggestions as to how to achieve what I want
to do?

Many thanks,
Kerry Milestone

Kerry Milestone

Senior Systems Engineer - Network Project Team
The Wellcome Trust Sanger Institute
Wellcome Trust Genome Campus Email: km4@sanger.ac.uk
Hinxton, Cambridge CB10 1SD Phone: (+44) 1223 492320
United Kingdom

The Wellcome Trust Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.
firewall-wizards mailing list