Anyone running multiple firewalls in a complex, enterprise environment knows how difficult it can be to catch misconfigurations, avoid conflicting rules, identify vulnerabilities, and meet auditing and compliance mandates.

We looked at five firewall operations management products: AlgoSec's Firewall Analyzer, RedSeal's Network Advisor and Vulnerability Advisor, Secure Passage's FireMon, Skybox's View Assure and View Secure and Tufin's SecureTrack. These products perform similar core functions: they retrieve configuration files of firewalls (and other network devices), store the data and analyze it. They can look at change history, analyze existing rules, perform rules-based queries, re-order rules, and send out alerts, if policies are violated. They can also create automated compliance audit analysis and reports.

They can also do modeling and war-game analysis based on a snapshot-in-time version of the network. Plus, AlgoSec, RedSeal and Skybox can provide network diagrams and topology views of the underlying networks.

Overall, we were most impressed with RedSeal and Skybox, which cover all the basics, plus have the added benefits of being able to support multiple vendor vulnerability scanning products. However, we were impressed with all of the products.

AlgoSec's Firewall Analyzer had an intuitive interface and came with predefined standard audit and analysis reports. Installation was simple and the program offered a wizard for easy data collection.

Network Advisor and Vulnerability Advisor from RedSeal answered questionson how well the network is configured to protect from Internet threats. The programs generate vulnerability reports showing weaknesses in the network, and contain pre-configured compliance management reports.

FireMon from Secure Passage performs real-time analysis on device configuration and stays current by using an automated analysis of compliance guidelines. There is a wizard to import device information en mass for large networks.

Skybox View Assure and Skybox View Secure can automate the collection schedule of configuration files by the hour, day, week, month or year. A built-in ticketing system supports access change tickets and policy violation tickets.

SecureTrack from Tufin has a What-If analysis feature to test changes to policies before they are implemented. Predefined analysis and reporting options are based on industry best practices.

AlgoSec Firewall Analyzer

We tested AlgoSec's Linux-based Firewall Analyzer software package,...