System Requirements
- This product is to be installed on a virtual server with the following system requirements:
- A user account with administrative rights needs to be created on the firewalls where the POC is planned.
- Network access from the virtual server to the related firewalls and their related L3 switch components must also be given on the following service ports:
- Syslog traffic to the related syslog server needs to be configured, and firewall access given if required.
- SMTP reachability to the related mail server needs to be configured, and firewall access given if required.
- LDAP access to the internal directory server needs to be given on the firewalls.
- RADIUS access to the internal AAA server needs to be given on the firewalls, and the necessary configuration done, if the preferred remote authentication is RADIUS.
POC Checklist
The following list contains the items that will be tested during the POC process.
# | Task Name | Test Condition and Details |
1 | New admin user creation | A new local username will be created with one of the predefined admin profiles |
2 | LDAP/RADIUS Integration | LDAP credentials will be configured on the system and a new LDAP user will be created with one of the predefined admin profiles |
3 | Admin Profiles Add/Edit | A new admin profile will be created with RW rights for firewall operations and RO rights for admin profiles and users |
4 | Syslog server configuration | A syslog server will be created to send system log messages. |
5 | Device User Profile configuration | A new device user profile will be created with the predefined information that is created on the firewalls |
6 | Device integration | A new device will be configured and added with the necessary fields |
7 | Device LDAP Integration addition | A new LDAP integration will be added for user-based rule creation |
8 | Device LDAP SSO Relation addition | The relation between devices and domains will be defined to create a user-based rule on the related devices |
9 | Environmental settings (DNS & PCI DSS) configuration | The corporate DNS server and PCI-DSS subnets will be defined, if they exist. |
10 | SMTP add (Notification) | For mail integration, the SMTP server details will be configured |
11 | Renew Data | To pull data from all firewalls and run the necessary analysis, data must be renewed. This may take half an hour |
12 | Rule Viewer Filtering | Apply a filter based on source IP, destination IP and schedule information |
13 | Object Viewer filtering | Search for any object and filter the related rules |
14 | Rule Checker | Use one or two source and destination IPs to find out whether the rule exists |
15 | Topology Find Path | In the search field, enter the source and destination IP information and click on Find Path |
16 | Topology Rule Checker | In the search field, enter the service information in addition to the IPs and click on Rule Check |
17 | Report Export | Choose PCI-based reporting, choose the devices, and click the generate report button |
18 | Disable Policy | Choose any policy in the rule viewer and disable it using the rule viewer's edit function |
19 | Enable Policy | Choose any disabled policy in the rule viewer and enable it using the rule viewer's edit function |
20 | Delete Policy | Choose any disabled policy in the rule viewer and delete it using the rule viewer's edit function |
21 | Corporate Policy | 4 different network roles will be defined, and the relations between these roles will be defined on the Security Policy matrix |
22 | Add New Rule Request | Create a new rule request using the source IP, destination IP and service information |
23 | Add New Rule Path Free Request | Create a new rule request using the source IP, destination IP and service information, and also choose from the list the device on which the action will be applied |
24 | Add New Rule Request (User Based) | Create a new rule request using the source IP, destination IP, domain, user and service information |
25 | Add New Rule Path Free Request (User Based) | Create a new rule request using the source IP, destination IP, domain, user and service information, and also choose from the list the device on which the action will be applied |
26 | Server Cloning (Same Network) | Create a new request for a new IP on the same subnet |
27 | Server Cloning (Diff Network) | Create a new request for a new IP on a different subnet |
28 | Server Cloning Path-free | Create a new request for a new IP on the same subnet |
29 | Optimize – Shadow | Choose the devices on which shadow policies are to be found and check the related rules |
30 | Optimize Clean Disable | Choose the devices on which clean disable policies are to be found and check the related rules |
31 | Optimize Decommission | Choose IP/s to be removed from the firewalls and check the related rules |
32 | Auto Renew Edit | Auto renewing must be enabled to refresh all firewall data |
33 | Group Base New Group | Create a new group and define its members |
34 | Group Base New Policy | Create a new group-based rule request with the necessary source IP, destination IP and service fields |
35 | Group Base Ip Add to Group | Adding a new IP address to a group request |
36 | Group Rule Viewer | Find all group-based rule information here. Apply a filter for a specific group |