I have a question for the community regarding the creation of an initial policy.
In our infrastructure, we deploy firewall clusters fully automatically, but we always have the challenge of creating an initial policy that includes the necessary activations to run the customer's application landscape. The environment is usually completely rebuilt so that some teams (e.g. SAP) are also involved, which then also require special activations for the server communication.
So far, we have used an Excel template in which the project participants have entered their required rules.
We currently use an excel workbook as questionary for collecting all required data for creating the initial firewall policy. This excel workbook is sent to the project participant to collect the necessary information. The excel form contains a sheet for hosts, ports, host groups, port groups ending up in a table for combining all previously defines elements into rules for communication.
We then reworked verify and correct the template collected information and pushed push the objects, groups and rules into the firewall’s policy via script.
The challenge, however, is the actual Excel template, as the colleagues fill the cells and rows differently here, which means that we have a lot of work to do to create the script.
Possible problems we need to correct here are wrong format / syntax, removing duplicates or adding missing data (for example missing IP addresses for host objects).
Do you have any tips, tricks, tools or suggestions on how to make the initial policy creation process smarter?
Thanks for your ideas and help