FW1 External Ruleset validation tools?

From: Leif Sawyer (lsawyer@gci.com)
Date: Wed Sep 10 2003 - 13:04:07 EDT


Hello,

I'm looking for a way to audit my firewall ruleset, in
a very specific manner.

I've gotten reports of packets traversing our firewall
that should not be allowed by any of the rules currently implemented.

What is the easiest way to find out what rule line the supposed packet
could be traversing, without logging on every single rule? This is
interesting because it is a random occurrence, with no way to know
when it will happen. And I dislike the idea of full logging until
I see the violation again -- I just don't have the disk space, for one.

Something like an external program that would allow a crafted packet
to be 'virtually' sent through the ruleset would be perfect.

Does such a tool exist? Preferably supporting Checkpoint FW-1 NG.

Thanks

Leif Sawyer

--
"It's pronounced Layf...you know, like Leif Garret? Don't you watch
 'I Love the 70's'? What kind of retro lover are you, anyway?"
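An added example, not from the post and not a Check Point tool: a small first-match rule simulator that takes an ordered ruleset and a packet 5-tuple and reports which rule line the packet would hit, plus every later rule that would also have matched, so an overly broad rule that lets the unexpected packet through is visible without enabling logging. The rule format and the sample ruleset below are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    no: int                # rule line number as shown in the policy editor
    src: str               # CIDR (or "any")
    dst: str               # CIDR (or "any")
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # destination port, None = any port
    action: str            # "accept" or "drop"


def _net_match(cidr: str, ip: str) -> bool:
    if cidr == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def _rule_match(r: Rule, src: str, dst: str, proto: str, dport: Optional[int]) -> bool:
    return (_net_match(r.src, src) and _net_match(r.dst, dst)
            and r.proto in ("any", proto)
            and (r.dport is None or r.dport == dport))


def matching_rules(rules: List[Rule], src: str, dst: str, proto: str,
                   dport: Optional[int] = None) -> List[Rule]:
    """All rules that match the packet, in policy order; rules[0] is the one
    that actually fires under first-match semantics, the rest are shadowed."""
    return [r for r in rules if _rule_match(r, src, dst, proto, dport)]


def first_match(rules: List[Rule], src: str, dst: str, proto: str,
                dport: Optional[int] = None) -> Optional[Rule]:
    """The rule the packet traverses, or None for the implicit cleanup drop."""
    hits = matching_rules(rules, src, dst, proto, dport)
    return hits[0] if hits else None


# Constructed sample policy: rule 3 is broader than intended and accepts any
# service from the DMZ, which is the kind of line a "should not be allowed"
# packet typically sneaks through.
RULES = [
    Rule(1, "10.0.0.0/8", "10.0.5.25/32", "tcp", 22, "accept"),
    Rule(2, "any", "192.0.2.10/32", "tcp", 80, "accept"),
    Rule(3, "192.0.2.0/24", "any", "any", None, "accept"),
    Rule(4, "any", "any", "any", None, "drop"),
]

if __name__ == "__main__":
    hits = matching_rules(RULES, "192.0.2.77", "10.0.5.25", "udp", 53)
    print("fires:", hits[0].no, "| also matched:", [r.no for r in hits[1:]])
```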




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:39 EDT