FireMon for Juniper Networks

Manage change, clean up legacy policies and achieve ongoing compliance on your Juniper Networks devices.

Juniper Networks line of security devices and software consolidate your most important network security components into do-it-all solutions. When you deploy a unified solution from Juniper Networks, your enterprise realizes lowered operational costs and improved management efficiency. Your enterprise also realizes a much narrower margin for error. Through the normal course of business, device configurations and firewall policies grow more complex and less understandable, increasing the likelihood of incorrect administrative change. When those changes are made on a multi-purpose device, where discrete security functionality is unified into a single point of management, it is imperative that the changes are correct. For enterprises with Juniper Networks security devices and software, FireMon offers a complete configuration management solution. With FireMon, organizations have the capabilities to: Analyze Zone-Based Policies: As the scope of control increases, so does the necessity to understand current policy behavior at all times. With policy testing tools and risk analysis, FireMon helps you understand the current policy so you can make better management decisions. Plan Configuration Changes: The best time to make sure that configuration changes are correct and wont have unintended consequences is before they are made. FireMon Policy Planner helps engineers make the correct change more efficiently. Clean Up Policies: A simple firewall policy is best. Simplify overly complex policies with FireMons suite of cleanup tools. Comply: Access requirements are central to the review of most compliance programs. In addition to understanding what access is allowed, knowing why that access is in place is critical. FireMon tracks business justification alongside your configuration elements for easy entry and reporting.

Firewall Management
Change Management

Configuration Cleanup

Compliance

Contact us today for a FREE evaluation.

Visit http://www.firemon.com/eval or e-mail info@firemon.com.

Configuration Change Management

Firewall change management can be difficult and costly. Automate the process, send immediate change reports to the team and capture critical business needs with Security Managers suite of change management features.

Change Process w/ Rule Recommendation Let your users submit firewall changes. Then, let Security Manager automatically determine if a new policy is necessary and recommend the correct change.

Firewall Rule Documentation Capture the reason for access and overlay it on the firewall policies. Capture business owner, approver, expiration date and justification for access.

Audit Log and Change Report Get notified every time the firewall changes, and keep a record of when and what changed for a complete audit history.

Firewall Cleanup and Optimization

Firewall configurations grow in size and complexity. Removing the policies that are not in use or are hidden by other policies is a great way to simplify and prevent future errors. Additionally, for policies defined too broadly (like an Any object in the service column of an accept rule), Security Manager can recommend ways to narrow down the definition.
I PC
EST PRACTICE COM C B PLI AN NER CE EST PRACTICE COM C B PLI AN NER CE EST PRACTICE COM C B PLI AN NER CE

I PC

I PC

Rule Usage Analysis Learn which policies are the most-used and least-used, and get a list of unused policies that can be removed.

Hidden Rules Report Analyze the policies controlling traffic between two zones to determine which of them are hidden and can be removed.
EST PRACTICE COM C B PLI AN NER CE

Traffic Flow Analysis Target broadly defined rules to determine the actual usage and see recommended ways to improve the policy definition.
EST PRACTICE COM C B PLI AN NER CE

Firewall Compliance and Security Analysis

I PC

I PC

EST PRACTICE COM C B PLI AN NER CE

I PC

Knowing how firewalls are configured with respect to regulations, policies and best practices is challenging when there are many zones, hundreds of policies and thousands of objects. Security Manager automates the analysis of configurations, continuously finding compliance failures and high-risk configurations.

EST PRACTICE COM C B PLI AN NER I CE PC

EST PRACTICE COM C B PLI AN NER I CE PC

I PC

EST PRACTICE COM C B PLI AN NER CE

Policy Behavior Modeling Define traffic scenarios as source, destination and service, and determine the firewalls current behavior. Then, test critical business continuity scenarios after every configuration change

Zone-Based Risk Analysis Define the risk of services between two zones of the network, and find all policies that pose risk. For instance, find all instances where HTTP, not HTTPS, is allowed into the PCI zone.

PCI, NERC and Best Practice Compliance Assess the configuration of your firewalls against the common standards. Get actionable results, including which individual security rules are non-compliant.

8400 W. 110th Street, Suite 400 Overland Park, KS 66210 USA Phone: 1.913.948.9570 E-mail: info@firemon.com www.firemon.com FireMon and the FireMon logo are registered trademarks of FireMon, LLC. All other products or company names mentioned herein are trademarks or registered trademarks of their respective owners.