in addition to ensuring compliance of
firewall policies alco SEC firewall
analyzer enables you to define and
enforce baseline device configurations
in this demonstration we're going to
take a closer look at a FAS baseline
compliance feature AFA provides
out-of-the-box baselines of known good
configuration for the leading firewall
vendors and enables you to create and
customize your own policies to minimize
risks and ensure devices are configured
in accordance to best practices let's
examine a baseline policy for a cisco
a.s.a firewall the report is
automatically generated from a baseline
configuration profile that is attached
to each device we can see the various
parameters that are included in this
report such as checking timeout values
software versions ensuring specific
services like telnet are disabled and
ensuring other services such as logging
are enabled the report clearly marks
which requirements comply with the
baseline and which do not if we click on
the second requirement change SNMP
public community string we can drill
down to see why this is reported is
non-compliant with the baseline you'll
see there is a requirement for the
string to be at least eight characters
this provides you with actionable
information to correct the issue you can
also run the baseline compliance report
across a group of firewalls for more
holistic visibility of your firewall
estate
in addition to the out-of-the-box bass
lines that come with AFA you can create
and customize bass lines via XML file
here one of the standards we want to
report against is the platform parameter
use user level password you can
associate profiles for specific devices
based on vendor environment functional
need and more this was a short
demonstration of how Alka sex baseline
compliance capability helps you report
on device configurations per your
corporate policy you can request the
free evaluation at algo set calm / eval
