- This product is to be installed on a virtual server having system requirements as follows:
- On firewalls where POC is planned a user account having administrative rights needs to be created.
- Network access from the virtual server to the related firewalls and their related L3 switch components must also be given on the following service ports:
- Syslog traffic to the related syslog server needs to be configured and firewall access be given if required.
- SMTP reach to the related mail server needs to be configured and firewall access be given if required.
- LDAP access to the internal directory server needs to be given on firewalls.
- Radius access to internal AAA servers needs to be given on firewalls and necessary configuration be done if the preferred remote authentication is Radius.
POC Checklist
Following list contains the items that will be tested during the POC process.
| # | Task Name | Test Condition and Details |
| 1 | New admin user creation | A new local username will be created with one of the predefined admin profiles |
| 2 | LDAP/Radius Integration | LDAP credentials will be configured on the system and new LDAP user be created with one of the predefined admin profiles |
| 3 | Admin Profiles Add/Edit | New admin profile will be created having the RW right for firewall operation RO right for admin profiles and users |
| 4 | Syslog server configuration | A Syslog server will be created to send system log messages. |
| 5 | Device User Profile configuration | New device user profile to be created with the predefined information that is created on firewalls |
| 6 | Device integration | New device will be configured and added with necessary fields |
| 7 | Device LDAP Integration addition | New LDAP integration to be added for user-based rule creation |
| 8 | Device LDAP SSO Relation addition | Relation between devices and domains to be defined to create a user-based rule on the related devices |
| 9 | Environmental settings (DNS & PCI-DSS) configuration | Corporate DNS server and PCI-DSS subnets be defined if exists. |
| 10 | SMTP add (Notification) | For mail integration SMTP server details will be configured |
| 11 | Renew Data | To pull data on all firewalls and make necessary analysis data must be renewed. It may take half an hour |
| 12 | Rule Viewer Filtering | Apply a filter based on source IP, destination IP and schedule information |
| 13 | Object Viewer filtering | Search for any object and filter the related rules |
| 14 | Rule Checker | Use one or two source and destination IP information to find if the rule exists or not |
| 15 | Topology Find Path | Using the search field give source and destination IP information and click on Find Path |
| 16 | Topology Rule Checker | On the search field give service information in addition to IP and click on Rule Check |
| 17 | Report Export | Choose PCI based reporting and choose the devices and click generate report button |
| 18 | Disable Policy | Disable any chosen policy from rule viewer and using the edit function on rule viewer disable it |
| 19 | Enable Policy | Enable any chosen disabled policy from rule viewer and using edit function on rule viewer enable it |
| 20 | Delete Policy | Delete any chosen disabled policy from rule viewer and using edit function on rule viewer delete it |
| 21 | Corporate Policy | 4 different network roles be defined and relations between this roles be defined on Security Policy matrix |
| 22 | Add New Rule Request | Create a new rule request using the source IP, destination IP and service information |
| 23 | Add New Rule Path Free Request | Create a new rule request using the source IP, destination IP and service information and also choose the device from the list that action be applied |
| 24 | Add New Rule Request (User Based) | Create a new rule request using the source IP, destination IP, domain, user and service information |
| 25 | Add New Rule Path Free Request (User Based) | Create a new rule request using the source IP, destination IP, domain, user and service information and also choose the device from the list that action be applied |
| 26 | Server Cloning (Same Network) | Create a new request for a new IP on the same subnet |
| 27 | Server Cloning (Diff Network) | Create a new request for a new IP ona different subnet |
| 28 | Server Cloning Path-free | Create a new request for a new IP on the same subnet |
| 29 | Optimize – Shadow | Choose the devices that shadow policies to be found and check the related rules |
| 30 | Optimize – Expired | Choose the devices that expired policies to be found and check the related rules |
| 31 | Optimize – Unused | Choose the devices that unused policies to be found and check the related rules |
| 32 | Optimize – Clean Disable | Choose the devices that clean disable policies to be found and check the related rules |
| 33 | Optimize – Remove Duplicates | Find objects having the same IP address or network on each firewall and make it singularized |
| 34 | Optimize – Decommission | Choose IP/s to be removed from the firewalls and check the related rules |
| 35 | Object Viewer – Name Change | Choose the object name to be changed and using the edit button define the new one |
| 36 | Object Viewer – IP Change | Choose the object IP to be changed and using the edit button define the new one |
| 37 | Usage Analysis | Create a new task for a rule that is to be made more specific based on the usage data |
| 38 | Revision Compare | Find out the changes made on firewalls between two revisions by choosing topic, firewalls and the revisions |
| 39 | Scheduled Task | Define an alert for revision compare or critical rule creation |
| 40 | Auto Renew Edit | Auto renewing must be enabled to refresh all firewall data |
| 41 | Group Base New Group | Create a new group and define its members |
| 42 | Group Base New Policy | Create a new group-based rule request with necessary source IP, destination IP and service fields |
| 43 | Group Base Ip Add to Group | Adding a new IP address to a group request |
| 44 | Group Rule Viewer | Find all groups-based rule information here. Apply a filter for a specific group |
