Ram1
Participant

Open source tool for firewall policy and Change management

Hi Team,

Is there any open source tool which is very good on policy and change management for Check Point Firewall? To replace Tufin, is there any open source tool like Tufin? If yes, please let me know. Also, can we automate firewall policy and change management using Ansible? Any other options would be very helpful.

Thanks in advance!

0 Kudos
3 Replies
PhoneBoy
Admin

We have an Ansible module to manage policy and objects, yes.
In fact, we have a specific forum on CheckMates for Ansible-related queries.

0 Kudos
Ram1
Participant

Hi,

Thanks for your reply. Could you please share the forum link? Also, is it possible for us to track change management of rule bases using Ansible, and to check disabled rules, expired rules and rules that are going to expire? I'm looking for a replacement for "Tufin".

0 Kudos
PhoneBoy
Admin

It's under Products > Developers: https://community.checkpoint.com/t5/Ansible/bd-p/ansible 
Ansible itself does not provide this functionality, but if all rulebases/objects are built using Ansible and you use something like Git to track changes to the playbooks, you, by default, have a way to track this stuff.
This will only help you with new rulebases/objects created with Ansible, not existing rulebases/objects.

There are no specific APIs for tracking disabled or expired rules.
You can query the rules and find them, but that has to be done outside of Ansible using the API. 

Bottom line: Ansible itself will NOT replace Tufin.
You can use it to potentially build your own replacement, but a lot of assembly will be required.
If you're just looking to track configuration changes, there are SmartConsole Extensions that assist with this (requires R80.30 and above): https://community.checkpoint.com/t5/SmartConsole-Extensions/Change-Report/m-p/87322
It won't be as full-featured as Tufin, of course, which has a lot of additional functionality.

0 Kudos
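
As an added example (not part of the thread and not Check Point's code): one way to do the "query the rules and find them" step described in the last reply, run over a constructed rulebase reply. The field names (`enabled`, `time`, `objects-dictionary`, `end-never`, `end` / `iso-8601`) are assumptions about the Management API's `show-access-rulebase` output and should be checked against the API reference for your version; `iter_rules` and `audit` are hypothetical helper names.

```python
from datetime import datetime, timedelta
# Constructed sample; field names are assumed to match a show-access-rulebase
# reply (rules reference objects by uid, resolved via "objects-dictionary").
SAMPLE = {
    "objects-dictionary": [
        {"uid": "t-any", "name": "Any", "type": "CpmiAnyObject"},
        {"uid": "t-old", "name": "Vendor-2023", "type": "time",
         "end-never": False, "end": {"iso-8601": "2023-06-30T23:59"}},
        {"uid": "t-soon", "name": "Project-X", "type": "time",
         "end-never": False, "end": {"iso-8601": "2024-01-20T00:00"}},
    ],
    "rulebase": [
        {"type": "access-section", "name": "Vendors", "rulebase": [
            {"type": "access-rule", "name": "vendor-ssh", "enabled": True,
             "time": ["t-old"]},
            {"type": "access-rule", "name": "legacy-ftp", "enabled": False,
             "time": ["t-any"]}]},
        {"type": "access-rule", "name": "project-x-web", "enabled": True,
         "time": ["t-soon"]},
        {"type": "access-rule", "name": "cleanup", "enabled": True, "time": ["t-any"]},
    ],
}

def iter_rules(items):  # yield access rules, descending into sections
    for item in items:
        if item.get("type") == "access-section":
            yield from iter_rules(item.get("rulebase", []))
        elif item.get("type") == "access-rule":
            yield item

def audit(reply, now, warn_days=30):
    """Sort rule names into disabled / expired / expiring within warn_days."""
    objs = {o["uid"]: o for o in reply.get("objects-dictionary", [])}
    out = {"disabled": [], "expired": [], "expiring": []}
    for rule in iter_rules(reply["rulebase"]):
        if not rule.get("enabled", True):
            out["disabled"].append(rule["name"])
            continue
        times = [objs.get(ref, {}) for ref in rule.get("time", [])]
        # Any unbounded entry (Any, end-never, unknown type) keeps the rule live.
        if not times or any(t.get("type") != "time" or t.get("end-never", True)
                            for t in times):
            continue
        last = max(datetime.fromisoformat(t["end"]["iso-8601"]) for t in times)
        if last < now:
            out["expired"].append(rule["name"])
        elif last <= now + timedelta(days=warn_days):
            out["expiring"].append(rule["name"])
    return out
```

Writing the result of `audit` to a file kept in the same Git repository as the playbooks gives a reviewable history of which rules were disabled or expiring at each run.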