Managing a firewall, whether software or hardware, can be
a nightmare sometimes. Depending on how rules are set, access to a particular
service may suddenly be enabled or disabled. Since there are many different
firewalls available in the market, managing all of them from a single point
is a very important requirement.
This is where FWBuilder comes in. It gets installed
when you choose the Sysadmin workstation. It allows you to create, view and
apply firewall policies to your selected firewall and see the effect they have,
all graphically. It simplifies management of the firewall interface by applying
a common set of rules that the firewalls in your network can use.
To use FWBuilder, run the application from the menu. To
discover the different devices on your network, you can perform a network
discovery by using the Tools | Discover Objects menu item. This examines the
/etc/hosts file and the network DNS zone, and performs SNMP queries to get the list
of hosts available. You can then assign each device its type: host,
firewall, etc. The most important task of FWBuilder is to allow you to create a
“Firewall Policy”. This is a set of rules that determine the flow of network
traffic between your internal network and the external network. The rules are
defined by the following terms.
Action
An action in a firewall can be Accept, Deny, Reject, or Account.
Direction
This refers to the source and destination of the traffic. For instance, a source of
“internal” and a destination of “external” means all access initiated
from your internal network to the external network. A source of “internal”
and a destination of “firewall” can mean access to the firewall device itself from
the internal network.
Service
This is the actual network protocol or service that you wish to apply a rule
to. For instance, you might wish to allow SMTP service to your mail server and
HTTP service to your Web server, but disallow all other protocols/services to
both these machines. For this, you will create a rule that allows the said
service from the source network (internal, Any, etc.) to the
destination machine (the host).
FWBuilder lets you perform all these tasks graphically. You can
use one of the many wizards in the application to help you do them, or
simply open the firewall policy window and start creating your firewall rules
there. Click the Apply button to save the results to your firewall.
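
The mail-server and Web-server policy from the Service description, written out as data and evaluated against sample connections. This is an added example, not FWBuilder's own code or output; the object names, addresses, top-down first-match ordering and implicit final Deny are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample objects (private and documentation address ranges).
OBJECTS = {
    "Any": "0.0.0.0/0",
    "internal": "10.0.0.0/24",
    "mail-server": "192.0.2.25/32",
    "web-server": "192.0.2.80/32",
}
SERVICES = {"SMTP": ("tcp", 25), "HTTP": ("tcp", 80), "Any": None}

@dataclass(frozen=True)
class Rule:
    source: str
    destination: str
    service: str
    action: str  # Accept, Deny or Reject

# One allow rule per service and host, then catch-all rules that block
# every other protocol/service to both machines.
POLICY = [
    Rule("Any", "mail-server", "SMTP", "Accept"),
    Rule("internal", "web-server", "HTTP", "Accept"),
    Rule("Any", "mail-server", "Any", "Deny"),
    Rule("Any", "web-server", "Any", "Deny"),
]

def _in(addr, obj):
    """True if the address falls inside the named network object."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(OBJECTS[obj])

def evaluate(policy, src, dst, proto, port):
    """Return (action, rule index) for the first rule that matches.

    Assumption: rules are checked top to bottom, the first match wins,
    and traffic that matches no rule is denied.
    """
    for index, rule in enumerate(policy):
        svc = SERVICES[rule.service]
        if (_in(src, rule.source) and _in(dst, rule.destination)
                and (svc is None or svc == (proto, port))):
            return rule.action, index
    return "Deny", None
```

Reversing the rule order places the catch-all Deny rules first, so SMTP to the mail server is blocked even though an Accept rule for it still exists further down.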