360 Analytics

Open Source Software

Please feel free to download and use our open source tools:

360-FAAR Open Source:
www.sourceforge.net/projects/faar

Features

* WRITTEN IN SIMPLE Perl - NEEDS ONLY STANDARD MODULES - IS ONE FILE

* Easy to Edit Menu Driven Text Interface.
* Capable of manipulating tens of thousands of rules, objects and groups
* Handles infinitely deep groups
* Capable of CIDR filtering connectivity in/out of policy rulebases.
* Capable of merging rulebases.
* Identifies existing connectivity in rulebases and policies.
* Automatically performs cleanup if a log file is provided.
* Keeps DR connectivity via any text or IP tag
* Encryption rules can be added during policy moves to remove the "merge from" rules for traffic that would be encrypted by the time it reached the firewall on which the "merge to" policy is to be installed. This sounds complicated, but it's not in practice. Appropriate IKE and ESP rules should be added manually.
* Runs consistency checks on its own objects and rule definitions.
* Extendable via a simple elsif in the user interaction loop section.

* EASY TO EXECUTE:
* ./360-faar.pl od=|ns=|cs=configfile[,logfile,natsfile]

* CONFIG TYPES:
* od = logexported logs, object dumper format config, fwdoc format nat rules csv
* ns = syslog format logs, screenos6 format config; nats are included in policy but not processed fully yet, fwdoc format nats can be used
* cs = cisco ASA format config, cisco asa syslog file, fwdoc format nat rules

* OUTPUT TYPES:
* od = output an odumper/ofiller format config to file, and print the dbedit for the rulebase creation to screen
* ns = outputs netscreen screenos6 objects and policies (requires a netscreen config or zone info)
* cs = cisco asa format config policy

* By default 360-FAAR accepts exactly 3 configs on the command line.
* Make an empty file called "fake" and use this as the file name for the log, config and nats if you want to process fewer than 3 configs at once.
* Log file headers in fw1 logexported logs are found automatically, so many files can be concatenated (cat) together

* FURTHER PROCESSING AND MANUAL EDITING:
* Output odumper/ofiller format files and make them more readable (watch out for spaces in names) using the numberrules helper script
* Edit these CSVs in OpenOffice or Excel using any of the object or group definitions from the three loaded configs.
* You can then use this file as a template to translate to many different firewalls using the 'bldobjs' mode



Read the 360-FAAR User Guide here



WooterWoot:
www.sourceforge.net/projects/wooterwoot

Features

* Build Checkpoint FW-1 policies from exported logs and output in DBEDIT format
* Build Netscreen policies from syslog and output in ScreenOS 6 format
* Build Cisco ASA ACLs from syslog and output in access-list format
* Cut and paste the commands output into the firewall to create a policy
* Or output the rules in CSV format to cross check them (Netscreen, Checkpoint)
* .
* Baseline a test network and build a policy for the test firewall in one command!!
* Close open or 'test' rules and secure management connections
* Cross check traffic is seen on the correct interfaces
* Two filters each of which can filter against any part of the log entry
* Names resolved in the logs are used in policies but no object cmds are output
* Rename ACLs and use the access group statements to filter further (Cisco)
* Easy method of ignoring headers added by syslog servers
* .
* FW-1: EASY TO EXECUTE ./choot logexport.log CMD Policy filter1 filter2
* DBEDIT cmd = Build rules and objects and output in DBEDIT format
* - DBEDIT mode requires a policy name before the filters.
* CSV cmd = Build rules and objects and output in CSV format
* DEBUG cmd = Output more verbose information - each entry grep | awk ...
* .
* CISCO: EASY TO EXECUTE ./woot logfile CMDorACL filter1 filter2
* SRCINT cmd = use the source interface as the ACL name
* ACLNAME cmd = use access-gr cmds in file ACLNAME in same dir as woot
* DEBUG cmd = Output more verbose information - each entry ... | sort -u etc
* A name = an access list name of your choice to which all ACEs will be assigned
* .
* NETSCREEN: EASY TO EXECUTE ./nwoot logfile CMD filter1 filter2
* ZONE cmd = Build Rules and objects and output in Netscreen ScreenOS format
* CSV cmd = Build Rules and objects and output in CSV format
* DEBUG cmd = Output more verbose information - each entry grep | wc -l etc
* .
* CHECKPOINT FW-1 EXAMPLE COMMANDS:
* ./choot logexport.log DBEDIT PolicyName eth2c0 161
* ./choot logexport.log CSV ServerName domain-udp
* ./choot logexport.log DEBUG 10.0.0 eth1c0
* or just
* ./choot logexport.log DBEDIT PolicyName
* ...if you want a policy built for all traffic seen
* .
* CISCO EXAMPLE COMMANDS:
* cat access-groups-from-asa > ACLNAME
* ./woot ASA.log ACLNAME 10.10. \/53
* ./woot ASA.log SRCINT 12:01 10.10.10
* ./woot ASA.log testaclname 10.50. 10.10.10
* ./woot ASA.log DEBUG ServerName12 \/443
* or just
* ./woot ASA.log ACLNAME
* ...if you want all access lists built for all access group statements
* .
* NETSCREEN EXAMPLE COMMANDS:
* ./nwoot Netscreen.log DEBUG 10.10. dst_port=53
* ./nwoot Netscreen.log ZONE 12:01 ServerName
* ./nwoot Netscreen.log CSV ZoneName 443
* or just
* ./nwoot Netscreen.log ZONE
* ...if you want all policies built for all zones
* .
* !! I DON'T RECOMMEND YOU USE THESE TOOLS ANYWHERE !! WOOT !!
* .
* WRITTEN IN SIMPLE perl - NEEDS ONLY STANDARD MODULES