Athena Rolls Out Firewall Configuration Debugger

Offers offline troubleshooting for service availability issues

Dark Reading Staff, Dark Reading

August 10, 2010

3 Min Read

Chicago, Illinois, August 10, 2010 – Athena Security, the makers of Athena FirePAC, a comprehensive enterprise firewall audit and operations tool, today announced availability of the Configuration Debugger, the first and only software solution that network engineers can use for offline troubleshooting of service availability issues on Cisco, Check Point and Netscreen firewalls.

Rather than using actual packets, Athena analyzes how “virtual packets” (which could be also be based on service and address ranges) would traverse all of the ACL, NAT and route rules that match the search criteria. With this information, the debugger displays a result set that allows the user to interactively explore rule and object relationships to isolate the specific areas where fixes are needed.

Troubleshooting the effect of policies (ACL,/NAT/Route) on firewalls sends many network engineers into a tailspin. Adhoc tests, which also eat up time cycles, is how they must often determine which rules are impacting specific traffic flows.

Since time and resources for all enterprise network operations groups is severely constrained, having to pull away from other high priority projects to scramble when something goes wrong has costly consequences.

It is estimated that network engineers can spend hours troubleshooting a single firewall deployed in a typical production environment. If the network has more than one or two firewalls, the whole day could be totally lost.

With the introduction of Athena’s Configuration Debugger Tool, an engineer takes minutes to isolate the rules responsible for common problems such as a server that can’t be accessed or a service that is being blocked.

“Existing solutions allow for the ability to create a specific packet for service availability testing. They rely on the logging feature for the firewall rules. This requires not only unnecessary data on the network but also will work only on those rules that already have logging turned on,” says David Hurst, CTO of Athena Security. “To respond to these limitations, we took an innovative approach when designing the Debugger tool. It works similarly to a software debugger in that it is both engineerfriendly and able to provide quick results based on a comprehensive examination of the entire rulebase.”

The Configuration Debugger is available as a standalone solution component within Athena FirePAC, so that operations groups and/or security engineers have the choice to select the tool by itself or bundle it with security audit, rule/object cleanup and a variety of other focused solutions.

The base package for up to 10 Cisco, Check Point or Netscreen firewalls is available for $1000 for a limited time only.

About Athena Security

Athena offers infrastructure analysis tools that identify the precise relationship between firewall rules and network services in a single device or across a complex network. With a comprehensive focus on configuration data, Athena helps network and security engineers perform whatif analysis that reduces the reliance on diagnostics and validation by adhoc testing. Over 300 companies turn to Athena products, Athena FirePAC and Athena Verify, for standardized and consistent automation and intelligence to reduce the time and effort required for policy management on network security devices. For more information see

Media contact:

Anjali Gurnani

Athena Security

[email protected]

(630) 6290600 x21

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights