We are in the process of evaluating some new firewall software. While this software is incredibly powerful, one thing jumped off the page for me: the granularity. Configuring this software could take anywhere from a very short time (not that secure) to hours and hours for a really secure policy. After we continued through it, I started to wonder what they were thinking when they wrote the program. While I know that granularity is important, some thought needs to be given to the user interface while developing the software. With this particular one, you had to dig to find what you were looking for, and when you did, you almost wanted to leave because it was so intimidating to know where to start.
Here is a brief checklist, off the top of my head, of what needs to be tested in any firewall policy:
- Check to make sure company applications work.
- Check to make sure other things do not. Too many people stop when something is working and never test for the failure of other items.
- Have the policy checked by another pair of eyes. Too much room for error here.
- Check to see if users are faster or slower after the installation.
- If slower, look at the firewall to see why; maybe it is underpowered or something is misconfigured.
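
The first two checklist items can be run as one test: a table of connections that must succeed and connections that must fail, checked from a host behind the firewall. This is an added example, not part of the original post; the labels, hosts and ports are constructed, and localhost sockets stand in for real services.

```python
import socket

def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused (reject rule) or timed out (silent drop)
        return False

def check_policy(expectations, timeout=2.0):
    """expectations: (label, host, port, should_connect) tuples.
    Returns every entry whose observed result differs from the policy intent."""
    failures = []
    for label, host, port, should_connect in expectations:
        observed = tcp_reachable(host, port, timeout)
        if observed != should_connect:
            failures.append((label, host, port, should_connect, observed))
    return failures

def demo():
    """Constructed localhost stand-ins: one listening port, one closed port."""
    allowed = socket.socket()
    allowed.bind(("127.0.0.1", 0))
    allowed.listen(5)
    blocked = socket.socket()          # bound but never listening: refuses
    blocked.bind(("127.0.0.1", 0))
    open_port = allowed.getsockname()[1]
    shut_port = blocked.getsockname()[1]
    try:
        intended = [("company app", "127.0.0.1", open_port, True),
                    ("should be blocked", "127.0.0.1", shut_port, False)]
        # Simulated policy gap: a port meant to be blocked is reachable.
        leaky = [("company app", "127.0.0.1", open_port, True),
                 ("should be blocked", "127.0.0.1", open_port, False)]
        return check_policy(intended), check_policy(leaky)
    finally:
        allowed.close()
        blocked.close()

if __name__ == "__main__":
    clean, gaps = demo()
    print("intended policy failures:", clean)
    for label, host, port, want, got in gaps:
        print(f"FAIL {label}: {host}:{port} expected connect={want}, got {got}")
```

The result only reflects TCP reachability from the machine it runs on, so run it from each network segment the policy treats differently.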