Constantly grooming your firewall policies can be troublesome, especially for large organizations that have hundreds of rules. This tool works to save you time and help ensure you are following best practices, or at least considering potential weaknesses. This is my FIRST ATTEMPT at writing a script to function more as a program - so feedback is welcomed and appreciated to improve its functionality. Later versions will include an HTML-formatted report of the results. For now, logs will need to be interpreted.
- Create a folder in C:\ titled "SFOS_Analyzer"
- Download the sfos_analyzer_tool_v1 script
- Place the script within C:\SFOS_Analyzer
You can run the script from anywhere on the machine and it should function just fine, but my steps assume your ps1 file is within this folder.
- Navigate to System > Backup & Firmware > Import Export
- Under "Export", ensure "Export full configuration" is selected and click "Export"
- Extract the tar file using 7Zip or another tool of your choosing
- Find the file named "Entities.xml" and copy it to the SFOS_Analyzer folder you created earlier
- Open PowerShell as Administrator
- Type `cd C:\SFOS_Analyzer`
- Type `.\sfos_analyzer_tool_v1.ps1 -windowstyle hidden`
NOTE: I hate seeing the console throwing code
Log Name | Description |
---|---|
AdminSettingsResults | Reviews Login Settings, Hotfix & Central Mgmt Status |
AuthSettingsResults | Reviews Active Directory Auth Port |
HTTPRuleResults | Reviews WAF rules |
NetworkDMZRuleResults | Reviews network rules destined for the DMZ Zone |
NetworkLANRuleResults | Reviews network rules destined for the LAN Zone |
NetworkWANRuleResults | Reviews network rules destined for the WAN Zone |
UserDMZRuleResults | Reviews user rules destined for the DMZ Zone |
UserLANRuleResults | Reviews user rules destined for the LAN Zone |
UserWANRuleResults | Reviews user rules destined for the WAN Zone |
NOTE: These are all .txt files
Questions/Feedback? Ping me [email protected]