Firewall Management Features

Supported Platforms

Firewall Builder makes firewall management easy by providing a drag-and-drop GUI application that can be used to configure Linux iptables, Cisco ASA and PIX, Cisco FWSM, Cisco router access lists, pf, ipfw and ipfilter for BSD, and HP ProCurve ACL firewalls.

Object Model

Instead of having to type firewall commands, Firewall Builder allows you to create firewall rules with user-defined objects. After an object is created, for example an IP address to represent an E-mail server, that object can be used in rules on all your firewalls. And the search function makes it easy to find everywhere an object is being used.

A special type of object, the group object, lets you define a group of objects and use that group object in a rule. Groups can contain many types of child objects. For example, a group could include a mix of networks, hosts, and address ranges. When Firewall Builder generates rules for a firewall platform, like Linux iptables, that doesn’t natively support group elements in its command syntax, Firewall Builder automatically creates individual rules to match all the child objects in the group.
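The expansion described above, as an added illustration that is not Firewall Builder's own code: a rule whose source is a group of mixed network, host and address-range objects is turned into one iptables command per leaf object, since iptables has no group syntax of its own. The object classes, the `expand_rule` function and the sample objects are constructed for this example; the address range is rendered with the iptables `iprange` match.

```python
"""Expand an object-based rule with a group source into per-member
iptables commands.  Added example, not code from Firewall Builder; the
classes and sample objects below are constructed for illustration."""
from dataclasses import dataclass
from typing import Union


@dataclass(frozen=True)
class Host:
    name: str
    address: str           # single IPv4 address, e.g. "10.0.0.5"


@dataclass(frozen=True)
class Network:
    name: str
    cidr: str              # e.g. "192.168.1.0/24"


@dataclass(frozen=True)
class AddressRange:
    name: str
    first: str
    last: str              # inclusive range; iptables needs the iprange match


@dataclass(frozen=True)
class Group:
    name: str
    members: tuple         # any mix of Host, Network, AddressRange, Group


AddressObject = Union[Host, Network, AddressRange, Group]


def flatten(obj: AddressObject):
    """Yield the leaf objects of a (possibly nested) group, depth first."""
    if isinstance(obj, Group):
        for member in obj.members:
            yield from flatten(member)
    else:
        yield obj


def source_match(obj) -> str:
    """Translate one leaf object into its iptables source-match fragment."""
    if isinstance(obj, Host):
        return f"-s {obj.address}/32"
    if isinstance(obj, Network):
        return f"-s {obj.cidr}"
    if isinstance(obj, AddressRange):
        # iptables has no native range syntax; the iprange match covers it
        return f"-m iprange --src-range {obj.first}-{obj.last}"
    raise TypeError(f"unsupported object {obj!r}")


def expand_rule(chain: str, src: AddressObject, dport: int, target: str):
    """One object-based TCP rule -> a list of iptables commands, one per leaf."""
    return [
        f"iptables -A {chain} -p tcp {source_match(leaf)} --dport {dport} -j {target}"
        for leaf in flatten(src)
    ]


# Constructed sample objects (not addresses from any real deployment).
MAIL_ADMINS = Group("mail_admins", (
    Host("admin-ws", "10.0.0.5"),
    Network("ops-lan", "192.168.1.0/24"),
    AddressRange("vpn-pool", "172.16.5.10", "172.16.5.20"),
))

if __name__ == "__main__":
    for cmd in expand_rule("INPUT", MAIL_ADMINS, 25, "ACCEPT"):
        print(cmd)
```

Nested groups are flattened recursively, so a group that contains another group expands to the leaves of both; the order of the generated commands follows the order of the members, which matters on a first-match platform.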

Example of Group Object with Network, Host and Address Range Members


Rules Validation

Using powerful inspection logic, Firewall Builder analyzes configured firewall rules to identify:

  • Rules not supported by a particular firewall platform
  • Invalid rules that might be the result of user error, such as NAT'ing UDP into TCP
  • Rule shadowing: rules that can never be matched because an earlier rule matches the same traffic first

Shadowed Rule Example

Firewall Builder Error when Shadowed Rule is Detected
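A minimal shadowing check for an ordered first-match rule list, as an added example rather than Firewall Builder's own inspection logic. A later rule is reported as shadowed when some single earlier rule matches every packet the later rule would match (same or wider source and destination, same or unrestricted protocol and port). The `Rule` class and the sample rule set are constructed for this example.

```python
"""Report rules that can never match because an earlier rule covers them.
Added example; the Rule class and SAMPLE_RULES are constructed here and
are not part of Firewall Builder."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    src: str                 # CIDR; "0.0.0.0/0" means any source
    dst: str                 # CIDR; "0.0.0.0/0" means any destination
    proto: Optional[str]     # "tcp", "udp", or None for any protocol
    dport: Optional[int]     # destination port, or None for any port
    action: str              # irrelevant to shadowing, kept for realism


def _covers(general: Rule, specific: Rule) -> bool:
    """True when every packet matching `specific` also matches `general`."""
    # A restricted protocol/port in the earlier rule only covers the later
    # rule if the later rule is restricted to exactly the same value.
    if general.proto is not None and general.proto != specific.proto:
        return False
    if general.dport is not None and general.dport != specific.dport:
        return False
    try:
        src_ok = ipaddress.ip_network(specific.src).subnet_of(
            ipaddress.ip_network(general.src))
        dst_ok = ipaddress.ip_network(specific.dst).subnet_of(
            ipaddress.ip_network(general.dst))
    except TypeError:        # IPv4 vs IPv6 mismatch: cannot overlap
        return False
    return src_ok and dst_ok


def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (shadowed_index, shadowing_index) pairs, first cover wins."""
    found = []
    for i, rule in enumerate(rules):
        for j in range(i):
            if _covers(rules[j], rule):
                found.append((i, j))
                break
    return found


# Constructed sample rule set; rule 2 and rule 3 are unreachable.
SAMPLE_RULES = [
    Rule("0.0.0.0/0", "10.0.0.0/8", "tcp", 22, "deny"),          # 0
    Rule("192.168.1.0/24", "10.0.0.0/8", None, None, "accept"),  # 1
    Rule("192.168.1.0/24", "10.1.2.0/24", "tcp", 22, "accept"),  # 2: shadowed by 0
    Rule("192.168.1.10/32", "10.1.2.5/32", "udp", 53, "accept"), # 3: shadowed by 1
    Rule("172.16.0.0/12", "10.0.0.0/8", "udp", 53, "accept"),    # 4: reachable
]

if __name__ == "__main__":
    for shadowed, by in shadowed_rules(SAMPLE_RULES):
        print(f"rule {shadowed} is shadowed by rule {by}")
```

The check deliberately looks for a single covering rule; a later rule can also be unreachable because the union of several earlier, individually narrower rules covers it, which this simple version does not detect.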


Automatic Configuration Generator

The built-in rules compiler generates platform specific firewall commands. The compiler understands the differences between types of firewalls and software versions, ensuring it generates the right commands for each type of firewall platform.

You can compile individual rules in the GUI at any time to see the specific commands that will be generated for that rule. This gives you instant visibility of the specific commands that would be deployed to the firewall.

Example of On-Demand Rule Compilation


Integrated Installer

Firewall Builder uses SSH and SCP to securely deploy your rules to the firewall. To help avoid situations where a firewall change accidentally blocks access to the device, Firewall Builder includes functions to automatically revert a firewall configuration to the previous version.
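The revert-on-lockout idea above, shown as an added example that is not Firewall Builder's installer code: the new configuration is applied, and unless the operator confirms within a timeout (proof that access still works), the previous configuration is restored automatically. The `RollbackGuard` class, the in-memory `FakeFirewall` and `deploy_with_rollback` are constructed for this example; in a real deployment the apply and revert callables would run the platform's load/restore commands over SSH.

```python
"""Apply a configuration with an automatic revert unless confirmed in time.
Added example; RollbackGuard and FakeFirewall are constructed here and are
not Firewall Builder's code."""
import threading
from typing import Callable, List


class RollbackGuard:
    """Run `apply`, then `revert` after `timeout` seconds unless confirmed."""

    def __init__(self, apply: Callable[[], None], revert: Callable[[], None],
                 timeout: float):
        self._apply = apply
        self._revert = revert
        self._timer = threading.Timer(timeout, self._on_timeout)
        self._lock = threading.Lock()
        self.state = "pending"           # pending -> confirmed | reverted

    def deploy(self) -> None:
        self._apply()
        self._timer.start()              # the revert clock starts only after apply

    def confirm(self) -> bool:
        """Called once the operator has verified access still works."""
        with self._lock:
            if self.state != "pending":
                return False             # too late: already reverted
            self._timer.cancel()
            self.state = "confirmed"
            return True

    def _on_timeout(self) -> None:
        with self._lock:
            if self.state != "pending":
                return
            self._revert()
            self.state = "reverted"

    def wait(self) -> None:
        """Block until the timer thread has finished (fired or cancelled)."""
        self._timer.join()


class FakeFirewall:
    """Stand-in for a device; load() behaves like save-then-restore."""

    def __init__(self):
        self.active: List[str] = ["-A INPUT -p tcp --dport 22 -j ACCEPT"]
        self.backup: List[str] = []

    def load(self, rules: List[str]) -> None:
        self.backup = list(self.active)  # like iptables-save before the change
        self.active = list(rules)

    def restore(self) -> None:
        self.active = list(self.backup)  # like iptables-restore of the backup


def deploy_with_rollback(fw: FakeFirewall, new_rules: List[str],
                         timeout: float, confirmed: bool):
    """Deploy and either confirm or let the timer revert; returns (state, rules)."""
    guard = RollbackGuard(lambda: fw.load(new_rules), fw.restore, timeout)
    guard.deploy()
    if confirmed:
        guard.confirm()
    guard.wait()
    return guard.state, fw.active


if __name__ == "__main__":
    bad_rules = ["-A INPUT -j DROP"]     # constructed: would lock out SSH
    print(deploy_with_rollback(FakeFirewall(), bad_rules, 0.5, confirmed=False))
```

The lock makes confirmation and timeout mutually exclusive, so a confirmation that arrives after the revert has already run is reported as failed rather than leaving the device in an ambiguous state.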

Advanced Feature Configuration Support

Firewall Builder also supports configuration of many advanced features. For example:

  • Cluster support for Cisco ASA/PIX, Linux iptables and OpenBSD pf firewalls
  • Dynamic live rule updates on Linux iptables (via ipset module) and OpenBSD pf
  • Run-time options so that rule objects, such as interfaces, are resolved at firewall startup
  • Predefined templates, including firewall rules, for common deployment scenarios
  • Device configuration of interface IP addresses, static routes, VLAN and bridge interfaces
  • Configuration versioning control using RCS
  • User-defined pre- and post-startup firewall scripts

Want to learn more? Check out the extensive resources in our Documentation Center.

Copyright © 2000-2012 NetCitadel, Inc. All rights reserved.