Configuration Check of Firewalls

Introduction

A key financial services provider (operator of the stock exchange, financial market information, etc.) for the Swiss financial centre must meet the requirements of external audits and ensure that the exact firewall rules ordered by the clients are actually implemented in the firewalls. This check is important because rule violations can result in "back doors", which could have undesirable consequences for both the company and the entire financial centre.

Solution with OMrun

OMrun was used to perform an automated, rule-based check of the planned and actual states of the firewall rules. The data reconciliation for more than 300 firewalls with a complex set of underlying rules was executed overnight by the scheduler to generate a diff report that the relevant staff would be provided with before starting work. This process allowed the integrity of the data to be improved step by step until the actual and planned states were identical.

It also set the foundations for the migration of a new tool with an integrated workflow, aimed at eliminating future deviations between the planned and actual states. After the migration to the firewall workflow engine, OMrun's work was complete (see als customer experiences, client SIX).