
Optimize Policy - Digitaldefense


Optimize Policy

Optimize Policy: CPdefense

Rule Reordering: rule reordering analysis was not performed (click to learn how to activate rule usage statistics).

Rules Cleanup
  Unused rules                    N/A
  Covered rules                   1
  Redundant special case rules    2
  Consolidate rules               0
  Disabled rules                  6
  Time-inactive rules             0
  Rules without logging           6
  Rules with empty comments       3
  Rules with a time clause        0
  Rules about to expire           0
  Unused NAT rules                N/A
  Redundant NAT rules             0
  Rules                           18

Objects Cleanup
  Unattached objects              25
  Empty objects                   0
  Duplicate objects               3
  Unused objects                  N/A
  Unused objects within rules     N/A
  Hostgroup definitions           91
  Duplicate services              0

Intelligent Policy Tuner: click to learn how to activate rule usage statistics.

VPN Cleanup (VPN Analysis Report)
  Expired users                   0
  Users about to expire           0

[Bar chart: rule counts per cleanup category (Unused, Covered, Disabled, Time-inactive, Not logged, No comments); y-axis 0 to 8]

  Unattached user groups          0
  Unattached users                0

Rule Reordering: click to learn how to activate rule usage statistics.

Rule Usage Statistics: click to learn how to activate rule usage statistics.

Covered rules

This page shows rules that are covered (hidden) by other rules. Such rules are effectively disabled and can probably be deleted.

Rule 11 is covered by rule 10.

RULE  NAME    SOURCE              DESTINATION         SERVICE  ACTION  COMMENT  DOCUMENTATION
10    TEST10  HostA_192.168.10.5  Office_192.168.3.0  Any      accept  HOST A
11    TEST11  HostB_192.168.10.5  Office_192.168.3.0  Any      accept  HOST B

Redundant special case rules

This page shows rules that are a special case of other rules. In each pair of rules below, the top rule is a special case of the bottom rule. This means the top rule in every pair is redundant: removing it will not change the firewall's effective security policy.


Rule 8 is a special case of rule 9

RULE  NAME   SOURCE                  DESTINATION         SERVICE  ACTION  COMMENT       DOCUMENTATION
8     TEST8  Production-Workstation  Office_192.168.3.0  NFS      accept  Produktion 1
9     TEST9  prod_192.168.22.0       Office_192.168.3.0  NFS      accept  Produktion 2

Rule 10 is a special case of rule 11

RULE  NAME    SOURCE              DESTINATION         SERVICE  ACTION  COMMENT  DOCUMENTATION
10    TEST10  HostA_192.168.10.5  Office_192.168.3.0  Any      accept  HOST A
11    TEST11  HostB_192.168.10.5  Office_192.168.3.0  Any      accept  HOST B

Disabled Rules

RULE           NAME    SOURCE              DESTINATION         SERVICE     ACTION  COMMENT  DOCUMENTATION
12 (disabled)  TEST12  Any                 Any                 Any         drop
13 (disabled)  TEST13  HostA_192.168.10.5  Office_192.168.3.0  Any         accept  HOST A
14 (disabled)  TEST14  HostA_192.168.10.5  Office_192.168.3.0  Any         accept  HOST A
15 (disabled)  TEST15  HostA_192.168.10.5  Office_192.168.3.0  Any         accept  HOST A
16 (disabled)  TEST16  Any                 NESSUS-SCANNER      Any         drop
17 (disabled)  TEST17  HostA_192.168.10.5  Proxies-Trustwave   http https  accept

Showing 1 to 6 of 6 entries

Rules without logging

Log action is not defined for the following rules.

RULE           NAME    SOURCE                  DESTINATION         SERVICE     ACTION  COMMENT       TRACK  DOCUMENTATION
8              TEST8   Production-Workstation  Office_192.168.3.0  NFS         accept  Produktion 1  None
9              TEST9   prod_192.168.22.0       Office_192.168.3.0  NFS         accept  Produktion 2  None
10             TEST10  HostA_192.168.10.5      Office_192.168.3.0  Any         accept  HOST A        None
11             TEST11  HostB_192.168.10.5      Office_192.168.3.0  Any         accept  HOST B        None
12 (disabled)  TEST12  Any                     Any                 Any         drop                  None
17 (disabled)  TEST17  HostA_192.168.10.5      Proxies-Trustwave   http https  accept                None

Showing 1 to 6 of 6 entries

Rules with an empty comment field

RULE           NAME    SOURCE              DESTINATION        SERVICE     ACTION  COMMENT  DOCUMENTATION
12 (disabled)  TEST12  Any                 Any                Any         drop
16 (disabled)  TEST16  Any                 NESSUS-SCANNER     Any         drop
17 (disabled)  TEST17  HostA_192.168.10.5  Proxies-Trustwave  http https  accept

Showing 1 to 3 of 3 entries

Unattached objects

An object is identified as Unattached if it does not appear in any rule, in any policy that is managed by the current SmartCenter or CMA, and also it is not a member of any object group that appears in any such rule.

NAME

AuxiliaryNet

CPDShield

DMZNet

EMailEnc-Cluster

Endian-Industrial-MGMT

FW-Admins

HoneyBOX-Mgmt

HoneyBOXen

InternalNet

IPS-SourceFiree-1

IPS-SourceFiree-2

LocalMachine

LocalMachine_All_Interfaces

LUMENSION-SCANNER

MailServer

SecuriyCenterTenable

Unattached objects referred by groups

The following list contains Unattached objects that are contained in groups. These objects and their containing groups are Unattached. They do not appear in any rule in any policy managed by the SmartCenter or CMA, and are not members of a group that appears in any such rule.

NAME

EMailEnc-Zertificon100

EMailEnc-Zertificon200

Exchange100

Exchange200

FW-ADMIN-1

FW-ADMIN-2

HoneyBox-1

HoneyBox-2

HoneyBox-3

Duplicate objects

Two or more objects are identified as duplicate if they have different names but refer to exactly the same collection of IP addresses and subnets.

NAME

Trusted_hosts = Any

CPdefense = Gateways

HostA_192.168.10.5 = HostB_192.168.10.5

Patent(s) pending & Copyright © 2003-2012 AlgoSec. All rights reserved. Usage strictly subject to License Agreement.