Firewalls, when they do their job, are invaluable, and when they don’t, everybody knows it. Recall the last incident you had concerning a firewall failure!
In our connected world, firewalls are crucial devices. They fulfill a variety of roles:
- the single point of entry and exit between a local network and the outside world
- routing voice and data
- content filtering
- blocking unauthorized access
- bandwidth throttling
That is why your firewall documentation must consist of more than an IP address and the admin credentials.
Here are our 6 areas to consider when documenting a firewall.
A firewall is a network device, usually a physical appliance (though virtual firewalls are common) with a model number, serial number and network interfaces. In a documentation system a network device is often referred to as a ‘configuration’ or a ‘node’.
- Capture as many details about the device as you can: hostname, serial number, install date, maintenance agreement expiry, manufacturer, model, location.
- Capture network interfaces by name (e.g. WAN, LAN1 or GE 0/0/1), VLAN and tagging (as required), IP addresses and MAC addresses.
- Capture the firmware (or software) version and attach or link the matching install file to the device record, together with the vendor’s published checksum where one exists, so that a replacement unit can be rebuilt on a known-good image.
- Most firewalls can export their configuration. Having a current export attached to, or clearly linked from, the record is essential for disaster recovery. Make the file evident so that it is replaced every time the configuration changes, and treat it as sensitive: exports commonly contain password hashes, VPN pre-shared keys and SNMP community strings, so they belong under the same access controls as the credentials themselves.
- For firewalls with graphical interfaces, consider taking screenshots of the key pages of the management console to capture configuration details; date them, since they go stale quickly.
- Take a photo of the firewall showing its physical position in the rack or room, and mark it clearly. Attach the photo to the device record, or add it to the photo library for the site.
To configure or troubleshoot a firewall there will be one or more management accounts.
- Store the credentials in your secure password management tool and link that entry to the configuration record, rather than pasting the password into a free-text field; note each account’s privilege level (read-only or full admin).
- Record the URL or IP address and port for remote management, and any access restrictions, e.g. “can only be reached from certain subnets or IP ranges”. If management is reachable from the internet, record that explicitly; it is one of the first things a reviewer (or an attacker) will test.
We mentioned that a firewall fulfills various roles. It is vital to capture the requirements placed on the device in summary form. Here are some examples that could be captured as notes or in a simple table:
- Outgoing SMTP traffic (port 25) must only be routed from these 4 devices: exch-web, exch-01, scan01, app-web to server.spamcloud.com
- Incoming SMTP traffic (port 25) must only be routed from server.spamcloud.com to exch-web
- Site to site VPN required between DALLAS and KENTUCKY for all data subnets
- Incoming traffic on port 5055 routes to app-web
- Content filtering: social media restricted to all groups except marketing and exec team
The purpose of this list is not to get into the details of rules, interfaces and addresses, but to have an agreed list of roles. It supports setup verification and testing, device replacement and disaster recovery: after a rebuild or a rule change, each role can be checked against the live rule base, and an allow rule that no role accounts for is a candidate for removal.
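One way to make that check mechanical is to write the port-based roles down as data and compare them with the allow rules in the exported configuration. The script below is an added example, not code from the original article or from IT Glue: the `Rule` objects stand in for a vendor’s config export (a real check would parse the export into this shape first), the hostname `wksta-07` and the drifted rule set are constructed for illustration, and the VPN and content-filtering roles are left out because they are not simple port-to-host flows.

```python
"""Check an exported firewall rule set against the documented roles.

Added example, not code from the original article or from IT Glue.
The Rule objects below stand in for a vendor's config export; a real
check would parse the export into this shape first. All hostnames,
rules and findings are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    direction: str     # "in" (toward the LAN/DMZ) or "out" (toward the internet)
    proto: str         # "tcp" or "udp"
    port: int          # destination port
    src: frozenset     # source hosts/addresses; "any" means unrestricted
    dst: frozenset     # destination hosts/addresses


# The port-based roles from the article, written as data. "any" as a source
# means the role does not restrict who may initiate the flow.
ROLES = [
    {"name": "Outgoing SMTP", "direction": "out", "proto": "tcp", "port": 25,
     "src": {"exch-web", "exch-01", "scan01", "app-web"},
     "dst": {"server.spamcloud.com"}},
    {"name": "Incoming SMTP", "direction": "in", "proto": "tcp", "port": 25,
     "src": {"server.spamcloud.com"}, "dst": {"exch-web"}},
    {"name": "Incoming app traffic", "direction": "in", "proto": "tcp", "port": 5055,
     "src": {"any"}, "dst": {"app-web"}},
]

# Constructed rule set that has drifted from the roles: outgoing SMTP lost
# scan01 and gained a workstation (wksta-07, hypothetical) that should not
# be relaying mail.
SAMPLE_RULES = [
    Rule("allow", "out", "tcp", 25,
         frozenset({"exch-web", "exch-01", "app-web", "wksta-07"}),
         frozenset({"server.spamcloud.com"})),
    Rule("allow", "in", "tcp", 25,
         frozenset({"server.spamcloud.com"}), frozenset({"exch-web"})),
    Rule("allow", "in", "tcp", 5055, frozenset({"any"}), frozenset({"app-web"})),
    Rule("deny", "in", "tcp", 25, frozenset({"any"}), frozenset({"any"})),
]


def allowed_flows(rules, direction, proto, port):
    """Return every (src, dst) pair an explicit allow rule permits for a service."""
    pairs = set()
    for r in rules:
        if (r.action == "allow" and r.direction == direction
                and r.proto == proto and r.port == port):
            pairs.update((s, d) for s in r.src for d in r.dst)
    return pairs


def check_role(rules, role):
    """Compare a documented role with the live allows; return a list of findings.

    An empty list means the rule base matches the role exactly. A rule whose
    source is "any" shows up as an unexpected pair, which is what catches an
    over-broad relay rule.
    """
    expected = {(s, d) for s in role["src"] for d in role["dst"]}
    actual = allowed_flows(rules, role["direction"], role["proto"], role["port"])
    findings = [f"{role['name']}: unexpected allow {s} -> {d}"
                for s, d in sorted(actual - expected)]
    findings += [f"{role['name']}: missing allow {s} -> {d}"
                 for s, d in sorted(expected - actual)]
    return findings


def audit(rules, roles):
    """Map each role name to its findings; a role with [] is compliant."""
    return {role["name"]: check_role(rules, role) for role in roles}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES, ROLES).items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  ", finding)
```

Run against the constructed rule set, the audit reports the outgoing SMTP role as both missing `scan01` and allowing `wksta-07`, and the two incoming roles as compliant. The check only looks at explicit allow rules; it does not evaluate rule order or shadowing by an earlier deny, so it is a documentation-consistency check, not a substitute for testing the live device.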
A firewall, by its nature, is connected to at least two other devices. Capturing the connections is vital.
- Connections to switches, modems or routers are best captured in a simple table showing which interface on each device is connected to which, with a note of its purpose (e.g. WAN connection, DMZ, core switch).
- At the architecture level, the firewall can belong to any of the following summary documents: Local Area Network, Internet Service, web-facing applications, email, voice, DMZ.
Write a central procedure detailing the setup of a firewall from unboxing to a default manageable state, including the hardening steps you always apply, such as changing default credentials and restricting the management interface. A complex scenario may require a second, site-specific setup document. Link any troubleshooting procedures, and the history of past issues, from this document.
For the firewall’s license, record the following:
- the maintenance agreement
- licensing information, including which features are subscription-based
- vendor contact information for escalation
- the renewal date, noting what stops working or stops updating (e.g. signature or filtering feeds) if it lapses
Following all these steps will give you a completely documented Firewall. Happy documenting!
If you are already an IT Glue partner, you can find more detailed instructions on how to document firewalls in our knowledge base.