There are 5,000 production servers, then I made an on-the-fly calculation of 30-50 rules per server, then for the number of ports.
The exercise is abysmal and I just tried to describe the situation in a chaotic way, but the reality is similar.
Could you help me find the best strategy to load a CheckPoint Firewall from scratch, assuming that nobody really knows what services or groups may exist?
In short, what is intended is:
1. Somehow load the raw traffic, that is, without analysis, maintaining the ANY rule, so as not to affect the current services.
2. Once loaded, see the patterns that allow them to be grouped under concepts such as services or others.
3. After having an order that allows the administration of the firewall more conceptually, we proceed to monitor the ANY rule to add the GAP.
4. Delete the ANY rule, and may God have mercy on us ;)
What do you think would be a better way to load so many rules? Would it be better to script the creation of objects and then the creation of the rules, in order to reduce the time needed if only the graphical console is used?
I do not speak English, but I have tried to make myself understood with what you have
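
Steps 2 and 3 of the plan above, sketched as an added example that is not part of the original post: observed connections are grouped into candidate rules, and later traffic is checked against them to find what would still fall through to the ANY rule. The tuple layout `(src, dst, proto, port)`, the function names and the sample addresses are assumptions constructed for illustration; a real run would feed it an export of the firewall's accept logs.

```python
from collections import defaultdict

# Constructed sample: connections accepted by the ANY rule, (src, dst, proto, port).
FLOWS = [
    ("10.1.0.5", "10.2.0.10", "tcp", 443),
    ("10.1.0.6", "10.2.0.10", "tcp", 443),
    ("10.1.0.5", "10.2.0.11", "tcp", 443),
    ("10.1.0.6", "10.2.0.11", "tcp", 443),
    ("10.2.0.10", "10.3.0.20", "tcp", 1521),
    ("10.2.0.11", "10.3.0.20", "tcp", 1521),
    ("10.1.0.9", "10.3.0.20", "tcp", 22),
]

def candidate_rules(flows):
    """Merge servers that offer the same service to the same set of clients.

    Only identical (service, client set) pairs are merged, so the resulting
    rules permit exactly the observed flows and nothing wider.
    """
    clients = defaultdict(set)              # (dst, proto, port) -> {src}
    for src, dst, proto, port in flows:
        clients[(dst, proto, port)].add(src)
    groups = defaultdict(set)               # (proto, port, clients) -> {dst}
    for (dst, proto, port), srcs in clients.items():
        groups[(proto, port, frozenset(srcs))].add(dst)
    rules = [
        {"sources": sorted(srcs), "destinations": sorted(dsts),
         "service": (proto, port)}
        for (proto, port, srcs), dsts in groups.items()
    ]
    return sorted(rules, key=lambda r: (r["service"], r["destinations"]))

def gap(rules, later_flows):
    """Flows no candidate rule matches, i.e. traffic still hitting ANY."""
    def covered(src, dst, proto, port):
        return any(src in r["sources"] and dst in r["destinations"]
                   and r["service"] == (proto, port) for r in rules)
    return [f for f in later_flows if not covered(*f)]

if __name__ == "__main__":
    rules = candidate_rules(FLOWS)
    for r in rules:
        print(r)
    # A flow seen only after the rules were built: it is the GAP to review.
    print(gap(rules, [("10.1.0.9", "10.3.0.20", "tcp", 1521)]))
```

Each resulting rule maps onto one source group, one destination group and one service object, which is the unit a scripted object and rule creation would work from.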