Rather than using actual packets, Athena analyzes how “virtual packets” (which could also be based on service and address ranges) would traverse all of the ACL, NAT and route rules that match the search criteria. With this information, the debugger displays a result set that allows the user to interactively explore rule and object relationships to isolate the specific areas where fixes are needed.
Troubleshooting the effect of policies (ACL/NAT/Route) on firewalls sends many network engineers into a tailspin. Ad hoc tests, which also eat up time cycles, are how they must often determine which rules are impacting specific traffic flows.
Since time and resources for all enterprise network operations groups are severely constrained, having to pull away from other high-priority projects to scramble when something goes wrong has costly consequences.
It is estimated that network engineers can spend hours troubleshooting a single firewall deployed in a typical production environment. If the network has more than one or two firewalls, the whole day could be totally lost.
With the introduction of Athena’s Configuration Debugger Tool, an engineer takes minutes to isolate the rules responsible for common problems such as a server that can’t be accessed or a service that is being blocked.
“Existing solutions allow for the ability to create a specific packet for service availability testing. They rely on the logging feature for the firewall rules. This requires not only unnecessary data on the network but also will work only on those rules that already have logging turned on,” says David Hurst, CTO of Athena Security. “To respond to these limitations, we took an innovative approach when designing the Debugger tool. It works similarly to a software debugger in that it is both engineer-friendly and able to provide quick results based on a comprehensive examination of the entire rulebase.”
The Configuration Debugger is available as a standalone solution component within Athena FirePAC, so that operations groups and/or security engineers have the choice to select the tool by itself or bundle it with security audit, rule/object cleanup and a variety of other focused solutions.
The base package for up to 10 Cisco, Check Point or Netscreen firewalls is available for $1000 for a limited time only.
About Athena Security
Athena offers infrastructure analysis tools that identify the precise relationship between firewall rules and network services in a single device or across a complex network. With a comprehensive focus on configuration data, Athena helps network and security engineers perform what-if analysis that reduces the reliance on diagnostics and validation by ad hoc testing. Over 300 companies turn to Athena products, Athena FirePAC and Athena Verify, for standardized and consistent automation and intelligence to reduce the time and effort required for policy management on network security devices. For more information see http://www.athenasecurity.net.
(630) 629-0600 x21