AlgoSec Firewall Analyzer
AlgoSec Firewall Analyzer (AFA) allows IT security and operations teams to automate the management of complex polices across traditional, next-generation and hypervisor-level firewalls, VPNs, routers, proxies, and related security devices. AFA delivers visibility and control even in complex multi-vendor environments, allowing organizations to monitor policy changes, plan changes, optimize rulesets and identify risky and non-compliant rules to ensure devices are properly configured. AFA also dramatically reduces firewall audit preparation time.
With AFA you can:
- Generate automated audit and compliance reports
- Cleanup and optimize firewall rulesets
- Discover and mitigate risky firewall rules
- Monitor all network security policy changes
- Effectively troubleshoot network problems
Features & Capabilities
AFA provides powerful visibility of complex networks and security policies to make daily firewall operations easier and more effective. AFA automatically generates an interactive topology map, which displays all firewall and router interfaces, network subnets and zones, and intelligent traffic queries ("Which firewalls and rules are blocking traffic from point A to point B?") that enable operations team to quickly pinpoint and troubleshoot connectivity issues. AFA also monitors and logs every change made to the firewall policy, and administrators can receive alerts in real-time when changes that do not comply with the corporate policy are detected.
View Demo (3:27)
Auditing and Compliance
AFA generates automatically populated compliance reports for industry regulations, including PCI-DSS, SOX, NERC and ISO. These detailed reports easily demonstrate firewall compliance. If the network security policy does not adhere to regulatory or corporate standards, the reports identify the exact rules and devices that cause gaps in compliance.
View Demo (2:04)
AFA instantly discovers and prioritizes all risks and potentially risky rules in the firewall policy by drawing on its knowledgebase. AFA provides the largest risk knowledgebase available, including industry regulations, best practices, and customizable corporate security policies.
AFA also assigns and tracks a security rating for each device and group of devices, allowing organizations to quickly pinpoint devices that require attention, and measure the effectiveness of the security policy over time.
View Demo (3:42)
Network Security Policy Optimization
AFA provides the richest set of recommendations for optimizing and cleaning up cluttered policies.
View Demo (3:50)
Baseline Configuration Compliance
AFA allows security teams to easily and efficiently define baseline hardware and software configurations to which devices must adhere, and generates reports to identify devices that do not comply with the corporate baseline, minimizing system risks.
View Demo (2:09)
Simplifying Management of Next-Generation Firewall Policies
In addition to managing policies and change workflows for traditional firewalls, AFA enables you to automate the management of next-generation firewall policies - from policy optimization and risk mitigation to automating compliance. Additionally, AFA's NGFW policy analysis is seamlessly integrated with FireFlow to automate change management.
View Demo (3:36)
Managing Routers as Part of Your Security Policy
AFA provides a complete picture of the security policy by analyzing traffic-filtering routers, in addition to firewalls. AFA provides visibility of the network traffic flow and delivers actionable policy analysis to optimize ACLs, reduce risk from poor router configurations and ensure compliance.
View Demo (4:02)
|FireWall-1®, Provider-1®, SmartCenter||v3.0 and up, NG, NGX, Software Blade Architecture (R7x) – including Application and Identity Awareness Software Blades|
|Security Gateway VE||All versions|
|PIX, ASA Series||v4.4 and up|
|Firewall Services Module (FWSM)||v1.0 and up|
|IOS Routers & Switches||All versions|
|Cisco Layer-3 Switches||Nexus Routers - All versions|
|Cisco Security Manager||v4.3|
|NetScreen Series||v5.0 and up|
|Network and Security Manager (NSM)||v2008.1 and up|
|SRX Series||All versions|
|Fortigate||FortOS 3.x and up, including VDOM|
Palo Alto Networks
|PAN-OS||V4.X and up|
|Firewall Enterprise (formerly Sidewinder)||V7.x and up|
|Proxy SG||V5.x and up|
Supported Devices for Change Monitoring*
|Secure Access SSL VPN|
* Additional devices can be added via the AlgoSec Extension Framework.
The AlgoSec Security Management Suite can be delivered as software only, or preloaded on a virtual or physical appliance.
Physical appliances can be deployed in high-availability mode and support load-sharing for increased scalability.
(2GB and additional 50MB per report)
|Operating System||Red Hat Enterprise |
CentOS 4 - 5
|Browser||Internet Explorer 7.0 or higher|
Firefox 3.0 or higher
|VMware virtual appliance can run on a hosting Windows server with 1GB of RAM (2GB RAM or more is recommended).|
AlgoSec 1020 – low cost entry level, best for up to 150 firewalls
*The number of firewalls supported by each appliance may vary according to policy complexity and the amount of logs collected.