BigPAM
Ivory

Compliance vs AlgoSec

Is it unfair of me to compare the Compliance with a policy audit tool such as AlgoSec Firewall Analyser? I am trying to create custom rules to find specific flows (i.e. traffic that originates on our internal network that goes to the internet bypassing the proxy). Compliance blade seems to be object based rather than breaking down the policy into base metadata as some of the well firewall audit tools do. I can't seem to get the above example to work (because Compliance blade seems to be looking for specific objects ???).

Are there any sources of Compliance Blade documentation other than the videos or the R80.1 ARTG? They don't seem to go deep enough for me to figure this out for myself.

Thanks.

0 Kudos
2 Replies
Admin
Admin

Re: Compliance vs AlgoSec

Compliance Blade is looking at "best practices" as dictated by either specific regulatory requirements you choose or ones you define yourself.
It seems like you should be able to define an object that encompasses your internal network, no?
I believe that's required for custom rules to work.

If you can be more specific about exactly how you tried to define this custom rule, perhaps we can provide a suggestion.
0 Kudos
BigPAM
Ivory

Re: Compliance vs AlgoSec

Hi - so my latest attempt is this. I am trying to create a custom rule that reports on rules that allow access from the internal LAN to the internet without going via the proxy. I have created group objects that contain our internal network objects and one that contains all of our DMZ network objects. The report on this rule shows no rules found (and there should be many!). I can get results for simple things like finding 'Any' in source/destination but nothing more ambitious. Any help would be appreciated.

Compliance Blade rule ...

Relevant Blade - FW

Best Practice Rule definition

  • Hit Count - not defined
  • Name - not defined
  • Source - Group object containing all internal network objects
  • Destination - NEGATE Group object containing all DMZ network objects
  • VPN - not defined
  • Service - not defined
  • Action - accept
  • Track - not defined
  • Install On - not defined
  • Time - not defined
  • Comment - not defined

Best Practice scoring

  • Violation definition - Rule found
  • Tolerance - 0
  • Rule Index Display Criteria - Secure, Display rules that match; Poor, Display rules that match

0 Kudos
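
The check described in this thread, done on resolved address ranges rather than on object names, as an added example that is not part of the thread and is not Check Point or AlgoSec code. The networks, the proxy address and the rules are constructed sample data, and the service column is ignored.

```python
import ipaddress as ip

# Constructed sample address space (assumptions, not taken from the thread)
INTERNAL = [ip.ip_network("10.0.0.0/8")]
DMZ = [ip.ip_network("192.168.100.0/24")]
PROXY = [ip.ip_network("10.1.1.10/32")]
ANY = ip.ip_network("0.0.0.0/0")

def subtract(nets, excluded):
    """Return the parts of `nets` not covered by any network in `excluded`."""
    for ex in excluded:
        remaining = []
        for n in nets:
            if not n.overlaps(ex):
                remaining.append(n)            # untouched by this exclusion
            elif not n.subnet_of(ex):          # ex lies inside n: carve it out
                remaining.extend(n.address_exclude(ex))
            # else: n is fully covered by ex and is dropped
        nets = remaining
    return nets

def resolve(cell):
    """Turn a rule cell (list of CIDR strings or 'any') into networks."""
    return [ANY if c == "any" else ip.ip_network(c) for c in cell]

def bypasses_proxy(rule):
    """Accept rule letting a non-proxy internal source reach non-internal, non-DMZ space."""
    if rule["action"] != "accept":
        return False
    src = subtract(resolve(rule["src"]), PROXY)
    internal_src = any(s.overlaps(i) for s in src for i in INTERNAL)
    outside_dst = subtract(resolve(rule["dst"]), INTERNAL + DMZ)
    return internal_src and bool(outside_dst)

# Constructed rulebase, already flattened from objects to addresses
RULES = [
    {"name": "proxy-out", "src": ["10.1.1.10/32"], "dst": ["any"], "action": "accept"},
    {"name": "lan-to-dmz", "src": ["10.20.0.0/16"], "dst": ["192.168.100.0/24"], "action": "accept"},
    {"name": "lan-to-any", "src": ["10.20.0.0/16"], "dst": ["any"], "action": "accept"},
    {"name": "dev-to-vendor", "src": ["10.30.5.0/24"], "dst": ["203.0.113.0/24"], "action": "accept"},
    {"name": "lan-drop", "src": ["10.0.0.0/8"], "dst": ["any"], "action": "drop"},
    {"name": "any-to-web", "src": ["any"], "dst": ["198.51.100.7/32"], "action": "accept"},
]

def audit(rules):
    return [r["name"] for r in rules if bypasses_proxy(r)]

if __name__ == "__main__":
    print(audit(RULES))
```

Because the comparison is on address overlap, a rule is reported even when its source or destination cell uses a different object than the internal or DMZ group, including 'Any'.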