Table of Contents
System Requirements #
- This product is to be installed on a virtual server having system requirements as follows:
- On firewalls where POC is planned a user account having administrative rights needs to be created.
- Network access from the virtual server to the related firewalls and their related L3 switch components must also be given on the following service ports:
- Syslog traffic to the related syslog server needs to be configured and firewall access be given if required.
- SMTP reach to the related mail server needs to be configured and firewall access be given if required.
- LDAP access to internal directory server needs to be given on firewalls.
- Radius access to internal AAA server needs to be given on firewalls and necessary configuration be done if the preferred remote authentication is Radius.
POC Checklist #
Following list contains the items that will be tested during the POC process.
| # | Task Name | Test Condition and Details |
| 1 | New admin user creation | A new local username will be created with one of the predefined admin profiles |
| 2 | LDAP/Radius Integration | LDAP credentials will be configured on the system and new LDAP user be created with one of the predefined admin profiles |
| 3 | Admin Profiles Add/Edit | New admin profile will be created having the RW right for firewall operation RO right for admin profiles and users |
| 4 | Syslog server configuration | Syslog server will be created to send system log messages. |
| 5 | Device User Profile configuration | New device user profile to be created with the predefined information that is created on firewalls |
| 6 | Device integration | New device will be configured and added with necessary fields |
| 7 | Device LDAP Integration addition | New LDAP integration to be added for user-based rule creation |
| 8 | Device LDAP SSO Relation addition | Relation between devices and domains to be defined to create a user-based rule on the related devices |
| 9 | Environmental settings (DNS & Pci-Dss) configuration | Corporate DNS server and PCI-DSS subnets be defined if exists. |
| 10 | SMTP add(Notification) | For mail integration SMTP server details will be configured |
| 11 | Renew Data | To pull data on all firewalls and make necessary analysis data must be renewed. It may take half an hour |
| 12 | Rule Viewer Filtering | Apply a filter based on source IP, destination IP and schedule information |
| 13 | Object Viewer filtering | Search for any object and filter the related rules |
| 14 | Rule Checker | Use one or two source and destination IP information to find if the rule exists or not |
| 15 | Topology Find Path | Using the search field give source and destination IP information and click on Find Path |
| 16 | Topology Rule Checker | On the search field give service information in addition to IP and click on Rule Check |
| 17 | Report Export | Choose PCI based reporting and choose the devices and click generate report button |
| 18 | Disable Policy | Disable any chosen policy from rule viewer and using the edit function on rule viewer disable it |
| 19 | Enable Policy | Enable any chosen disabled policy from rule viewer and using edit function on rule viewer enable it |
| 20 | Delete Policy | Delete any chosen disabled policy from rule viewer and using edit function on rule viewer delete it |
| 21 | Corporate Policy | 4 different network roles be defined and relations between this roles be defined on Security Policy matrix |
| 22 | Add New Rule Request | Create a new rule request using the source IP, destination IP and service information |
| 23 | Add New Rule Path Free Request | Create a new rule request using the source IP, destination IP and service information and also choose the device from the list that action be applied |
| 24 | Add New Rule Request (User Based) | Create a new rule request using the source IP, destination IP, domain, user and service information |
| 25 | Add New Rule Path Free Request (User Based) | Create a new rule request using the source IP, destination IP, domain, user and service information and also choose the device from the list that action be applied |
| 26 | Server Cloning (Same Network) | Create a new request for a new IP on the same subnet |
| 27 | Server Cloning (Diff Network) | Create a new request for a new IP ona different subnet |
| 28 | Server Cloning Path-free | Create a new request for a new IP on the same subnet |
| 29 | Optimize – Shadow | Choose the devices that shadow policies to be found and check the related rules |
| 30 | Optimize Clean Disable | Choose the devices that clean disable policies to be found and check the related rules |
| 31 | Optimize Decommission | Choose IP/s to be removed from the firewalls and check the related rules |
| 32 | Auto Renew Edit | Auto renewing must be enabled to refresh all firewall data |
| 33 | Group Base New Group | Create a new group and define its members |
| 34 | Group Base New Policy | Create a new group-based rule request with necessary source IP, destination IP and service fields |
| 35 | Group Base Ip Add to Group | Adding a new IP address to a group request |
| 36 | Group Rule Viewer | Find all group-based rule information here. Apply a filter for a specific group |
