Impact Analysis is the building block for all other Athena components. It supports daily operational needs to understand how changes affect service availability.
See why over 300 network and security engineers incorporate Athena into the firewall change process to eliminate unintended side effects.
Cross Inventory Rule and Object Search: Unlike most management consoles, FirePAC allows you to select multiple devices from the inventory and locate all of the matching rules or objects based on any IP address, service/port value and object names. Understanding what is contained in your objects can be tremendously cumbersome if you have to go to multiple places to identify the rule relationships. FirePAC gives you a single convenient place to search service and network objects nested within multiple levels of object hierarchies so you can go straight to the rules you want to find. Even for large or complex firewalls, this capability breaks down the dependencies between all of your rules and objects to save you loads of time.
Query Traffic Flow: You can understand, in an offline manner, how IP traffic flows through the firewall. FirePAC allows you to test service availability without injecting any packets into your network. Users can identify what specific IP traffic is allowed or denied along specific ingress and egress interfaces, and which specific ACL, NAT, VPN and route rules allow or deny that traffic.
With this advanced query functionality, you can answer important operations-focused questions like:
- What sources can reach a given destination?
- What services are allowed to a given destination?
- What services are allowed from a given source?
- What destinations are reachable from a given source?
Use the traffic flow query to unlock the information buried in your configurations and find what you need to know right from your desktop. FirePAC provides the flexibility of using either real IP addresses or the translated public IP addresses in the query. This saves users from having to work out which translated public addresses are used in ACL rules when trying to understand access to internal servers.
Rule/Object Comparison: Many consoles and tools provide users the ability to perform text comparisons of configurations. Athena's Rule and Object Comparison provides an ability to quickly identify any problem areas in your configs caused by changes to objects and rules. By looking at the semantic dependencies between rules, objects and object group membership hierarchy, this capability provides you the context for understanding the impact of changes, unlike text comparisons that are difficult to comprehend. Users can compare side by side the additions, deletions, and modifications to rules and objects on both sides with comparison results presented in a tabular form, making this a mainstay feature for network engineers.
Policy Comparison: Modifying a firewall rulebase without affecting the service availability of other business services can be a real challenge. Athena's policy comparison is a report for understanding the impact of traffic entering the firewall at a given interface, not only for ACL rules, but also as to how the NAT, VPN and routing rules are applied. With this report, the firewall administrator can evaluate how changes to the rules or objects will affect the IP traffic flow. The policy comparison helps you make fewer changes overall and spend far less time fixing rule "bugs". It is especially handy every time you allow or block access or services, and can save you months of effort whenever making infrastructure changes for special projects such as redistributing your firewall policies.