Great Circle Associates Firewalls
(September 1994)
 


Subject: Router Filter Testing
From: Michael Laufer <mlaufer @ BBN . COM>
Date: Fri, 2 Sep 94 17:24:29 EDT
To: firewalls @ greatcircle . com
Cc: mlaufer @ BBN . COM

Does anyone have experience or suggestions about doing automated testing of
router filters for Wellfleet (or other) routers?

I am dealing with a client with a large network of Wellfleet routers (100+) and
we will be implementing filter rules on all of the interfaces of every router
(3-6+ interfaces per router). This is to help enforce security and connectivity
selectively per interface and subnet as well as interfaces to external nets.
This means IP filters on source and destination addresses as well as on IP
protocols and TCP and UDP ports. This results in a lot of rules for each
interface and often very complicated rules.

We know what we are doing (I hope) and we sometimes do not get the rules right.
With this level of complication it is not reasonable to expect normal network
administrators/operators to get it right all of the time.  We have been using
HP Net Advisors and Alantec PowerBits in the lab to test things out, but for
this scale and number of filters we would really like to find some automated
tools.

Michael Laufer
mlaufer @ bbn . com
(410)290-5008
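
Added example, not part of the original message: one way to regression-test per-interface filter lists offline, by evaluating constructed test packets against a rule model and reporting every case where the verdict differs from the intended one. The rule model is a hypothetical vendor-neutral one (not Wellfleet syntax), and first-match-wins with a default deny is an assumption; interface names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Rule:                      # hypothetical vendor-neutral rule model
    action: str                  # "permit" or "deny"
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    proto: str                   # "tcp", "udp", "icmp" or "any"
    dports: range = ANY_PORT     # destination ports (checked for TCP/UDP only)

    def matches(self, pkt):
        src, dst, proto, dport = pkt
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and (proto not in ("tcp", "udp") or dport in self.dports))

def decide(rules, pkt, default="deny"):
    """First matching rule wins (assumed); unmatched packets get the default."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return default, None

def run_cases(filters, cases):
    """Return (interface, packet, expected, actual, rule index) per mismatch."""
    failures = []
    for iface, pkt, expected in cases:
        actual, index = decide(filters[iface], pkt)
        if actual != expected:
            failures.append((iface, pkt, expected, actual, index))
    return failures

# Constructed sample data: documentation address ranges, made-up interface names.
SMTP = Rule("permit", "0.0.0.0/0", "192.0.2.25/32", "tcp", range(25, 26))
DNS = Rule("permit", "0.0.0.0/0", "192.0.2.53/32", "udp", range(53, 54))
DENY_NET = Rule("deny", "0.0.0.0/0", "192.0.2.0/24", "any")
FILTERS = {"r1-e1-in": [SMTP, DNS, DENY_NET],
           "r2-e1-in": [DENY_NET, SMTP, DNS]}   # same rules, deny entered first
PACKETS = [(("198.51.100.7", "192.0.2.25", "tcp", 25), "permit"),
           (("198.51.100.7", "192.0.2.25", "tcp", 23), "deny"),
           (("198.51.100.7", "192.0.2.53", "udp", 53), "permit"),
           (("198.51.100.7", "192.0.2.9", "icmp", None), "deny")]
CASES = [(iface, pkt, want) for iface in FILTERS for pkt, want in PACKETS]

if __name__ == "__main__":
    for failure in run_cases(FILTERS, CASES):
        print("MISMATCH", failure)
```

The second interface carries the same three rules in the wrong order, so the two intended permits are reported as shadowed by rule 0.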
