01 February 2011

Firewall Builder 4.1.3 Review

Firewall Builder 4.1.3 is currently the latest version of Firewall Builder, which can be downloaded for a free trial from http://www.fwbuilder.org/. It is a very versatile product with which one can create firewall rules for different kinds of servers from preconfigured templates. It is also possible to build the firewall from scratch according to one's own preferences and company policy rules.

It offers a GUI for generating complex ipfw, iptables, PF, Cisco IOS extended access list and Cisco ASA (PIX) configurations.

Here is a small Quick Start tutorial for Firewall Builder.

You can manage multiple firewalls from a single GUI.

Major Features

  • Visual GUI with drag-and-drop objects for creating firewall rules
  • User defined library of objects, such as IP networks, can be used across all firewalls
  • Create meta objects, like groups, that don't exist natively on target device
  • Rule analysis to verify rules are syntactically correct and will work on the target device
  • Optimization of rules to increase rule matching performance
  • Integrated installer to securely deploy rules

With Firewall Builder, you can manage the security policy of your firewall efficiently and accurately, without the learning curve usually associated with command line interfaces. Instead of thinking in terms of obscure commands and parameters, you simply create a set of objects describing your firewall, servers, and subnets, and then implement your firewall policy by dragging objects into policy rules. You can also take advantage of a large collection of predefined objects describing many standard protocols and services. Once a policy is built in the GUI, you can compile it and install it on one, or several, firewall machines.

Firewall Builder helps you write and manage configuration for your firewalls. It writes the iptables shell script, pf.conf file, Cisco router access lists or PIX configuration for you. You can then copy and paste the configuration generated by Firewall Builder, copy the file manually or using your own scripts, or use the built-in function to configure the firewall. Firewall Builder provides change control and search functions. It allows you to reuse the same address and service objects in rules of many firewalls. It simplifies coordinated changes of the rules in multi-vendor environments and helps avoid errors in generated

Firewall Builder can generate complex iptables, PF, Cisco IOS extended access lists, Cisco ASA (PIX) configurations. You do not have to remember all the details of their syntax and internal operation. This saves time and helps avoid errors.

Firewall Builder makes it easy to add IPv6 rules to the existing firewall policy. Create objects describing your IPv6 network, add them to the same rule set that defines your security policy for IPv4 and configure it as "mixed IPv4+IPv6 rule set". The program will generate two configurations from it, one for IPv4 and another for IPv6, using correct objects for each. There is no need to maintain two policies in parallel for the whole time of transition from IPv4 to IPv6.

You can generate configuration for a range of devices starting from small Linksys, D-Link and other routers running DD-WRT or OpenWRT, to firewalls running Linux, FreeBSD or OpenBSD on a regular or purpose-built PC, to Cisco routers and Cisco ASA (PIX) firewalls.

I started my evaluation with a firewall from a template, which I assume is what most people will do.
When you start Firewall Builder you will get the following welcome screen:

Once you have read and closed the welcome window, you will get the following screen:

Here you can start creating your firewall configuration by double clicking on the Create Firewall button. This will lead you to the following screen:

This screen lets you choose the operating system, which in this case is Mac OS X 10.6.5. Here the important thing is to check the Use preconfigured firewall templates checkbox, in order to arrive at the following screen:

Here the best option is to choose the template of your choice, but for a simple old second-hand laptop like mine it is best to choose the web server template with just one Ethernet card. Remember to first look up the name of the Ethernet card for your system; in this case, just open About This Mac, click on Network and look up the Ethernet description, in this case en0. Click on Next and the following screen appears:

Here you can set your IP address correctly. This is the default address that is configured, but you can just click on the line with the IP address and change it to whatever your IP address is. Keep it secret from prying eyes though.

After that you can click on next and specify the name for the Firewall configuration file and where you want to save it. After you click on next the compilation of the firewall configuration can start:

Make sure that you have the right access privileges (in this case root). Click on next and the firewall will be compiled as you can see in the screenshot:

After successful compilation you can deploy the firewall. This can be done with a script, which is automatically available in the Firewall Builder tool, or manually, which I had to do, because on a Mac laptop the root account is as a rule disabled for security reasons. The same goes for Windows: never go online with Administrator rights (the question is why I still do it myself). The compilation produces two files, a .fw file and a .fwb file. Both files have to be copied to the /etc/fw directory. If the directory does not exist, just create it with cd /etc, mkdir fw, and set the access rights correctly with chmod +x for the files after copying them to the /etc/fw directory on Mac OS X. In Firewall Builder your configured rules and IP address look like this:

As you can see, the screenshot above shows your configuration, and you can of course add and remove rules as shown in the video above. The process is approximately the same for Linux and Unix machines, with the difference that you use either .rpm or .deb packages or tarred .gz files. On Windows the install is easy: just download the package, double click and follow the instructions, as always on Windows.

However, just as a joke (because I like Windows products):
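The manual copy into /etc/fw described above, as an added example that is not part of Firewall Builder or of the original review: a shell function that stages the two files with owner-only permissions and then checks that nothing in the directory is writable by group or others, since the .fw script ends up being run as root. The function names, the deploy_fw.sh file name and the myfirewall base name are hypothetical, and the example assumes only the .fw script needs the execute bit.

```shell
#!/bin/sh
# Added example: stage Firewall Builder output with tight permissions.
# deploy_fw and check_fw_perms are hypothetical helper names.

# deploy_fw SRC_DIR DEST_DIR NAME
# Copies NAME.fw (generated script) and NAME.fwb (data file) into DEST_DIR.
deploy_fw() {
    src=$1; dest=$2; name=$3
    [ -f "$src/$name.fw" ] && [ -f "$src/$name.fwb" ] || {
        echo "missing $name.fw or $name.fwb in $src" >&2; return 1; }
    # Refuse a symlinked destination so the copy cannot be redirected.
    [ ! -L "$dest" ] || { echo "$dest is a symlink" >&2; return 1; }
    install -d -m 755 "$dest" || return 1
    # Script: owner may read, write and execute; nobody else has access.
    install -m 700 "$src/$name.fw" "$dest/$name.fw" || return 1
    # Data file: assumed not to need the execute bit.
    install -m 600 "$src/$name.fwb" "$dest/$name.fwb" || return 1
    check_fw_perms "$dest"
}

# check_fw_perms DIR: fail if anything in DIR is group- or world-writable.
check_fw_perms() {
    loose=$(find "$1" \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ] || { echo "writable by group/other: $loose" >&2; return 1; }
}

# Real use on the firewall host, through sudo because root login is disabled:
#   sudo sh -c '. ./deploy_fw.sh; deploy_fw /path/to/output /etc/fw myfirewall'
```

Run through sudo, the copied files are owned by root, so an unprivileged account cannot edit the script between deployment and execution.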


