System Requirements
- This product is to be installed on a virtual server with the following system requirements:
- On each firewall where the POC is planned, a user account with administrative rights needs to be created.
- Network access from the virtual server to the related firewalls and their related L3 switch components must also be allowed on the following service ports:
- Syslog traffic to the related syslog server needs to be configured, and firewall access granted if required.
- SMTP access to the related mail server needs to be configured, and firewall access granted if required.
- LDAP access to the internal directory server needs to be allowed on the firewalls.
- RADIUS access to the internal AAA server needs to be allowed on the firewalls, and the necessary configuration done, if the preferred remote authentication method is RADIUS.
POC Checklist
The following list contains the items that will be tested during the POC process.
# | Task Name | Test Condition and Details |
1 | New admin user creation | A new local username will be created with one of the predefined admin profiles |
2 | LDAP/Radius Integration | LDAP credentials will be configured on the system and a new LDAP user will be created with one of the predefined admin profiles |
3 | Admin Profiles Add/Edit | A new admin profile will be created with the RW right for firewall operation and the RO right for admin profiles and users |
4 | Syslog server configuration | A syslog server will be created to send system log messages. |
5 | Device User Profile configuration | A new device user profile will be created with the predefined information that is created on the firewalls |
6 | Device integration | A new device will be configured and added with the necessary fields |
7 | Device LDAP Integration addition | A new LDAP integration will be added for user-based rule creation |
8 | Device LDAP SSO Relation addition | The relation between devices and domains will be defined in order to create a user-based rule on the related devices |
9 | Environmental settings (DNS & PCI DSS) configuration | The corporate DNS server and PCI-DSS subnets will be defined, if they exist. |
10 | SMTP add(Notification) | For mail integration, the SMTP server details will be configured |
11 | Renew Data | To pull data from all firewalls and perform the necessary analysis, the data must be renewed. It may take half an hour |
12 | Rule Viewer Filtering | Apply a filter based on source IP, destination IP and schedule information |
13 | Rule Checker | Use one or two source and destination IP addresses to find whether the rule exists or not |
14 | Topology Find Path | In the search field, enter the source and destination IP information and click on Find Path |
15 | Topology Rule Checker | In the search field, enter the service information in addition to the IP information and click on Rule Check |
16 | Report Export | Choose PCI-based reporting, choose the devices and click the generate report button |
17 | Corporate Policy | 4 different network roles will be defined, and the relations between these roles will be defined on the Security Policy matrix |
18 | Add New Rule Request | Create a new rule request using the source IP, destination IP and service information |
19 | Add New Rule Path Free Request | Create a new rule request using the source IP, destination IP and service information, and also choose from the list the device on which the action will be applied |
20 | Add New Rule Request (User Based) | Create a new rule request using the source IP, destination IP, domain, user and service information |
21 | Add New Rule Path Free Request (User Based) | Create a new rule request using the source IP, destination IP, domain, user and service information, and also choose from the list the device on which the action will be applied |
22 | Server Cloning(Same Network) | Create a new request for a new IP on the same subnet |
23 | Server Cloning(Diff Network) | Create a new request for a new IP on a different subnet |
24 | Optimize – Shadow | Choose the devices on which shadow policies are to be found and check the related rules |
25 | Optimize Clean Disable | Choose the devices on which clean disable policies are to be found and check the related rules |
26 | Optimize Decommission | Choose the IP(s) to be removed from the firewalls and check the related rules |
27 | Auto Renew Edit | Auto renewing must be enabled to refresh all firewall data |
28 | Group Base New Group | Create a new group and define its members |
29 | Group Base New Policy | Create a new group-based rule request with the necessary source IP, destination IP and service fields |
30 | Group Base Ip Add to Group | Adding a new IP address to a group request |
31 | Group Rule Viewer | Find all group-based rule information here. Apply a filter for a specific group |