Example: Using Administrative Reports to Optimize Rulebases
Copyright © 2010, Juniper Networks, Inc.
In this example, you are a security administrator responsible for adding new rules
to your firewall rulebase. After you have updated the new security policy on the managed
security devices in your network, you want to know the effect of the new rules on network
traffic.
You configure a "Top FW/VPN Rules" report to start at the same date and time that the
new rulebase settings were updated in the network. You also set the report data point
count to 100. The report then shows the top 100 rules that are generating
log events. Figure 117 on page 827 shows the Top FW/VPN Rules report.
Figure 117: Top FW/VPN Rules Report
By identifying the new rules that you implemented in the network, you can track how
effective the new rules are. If you find that a specific rule is permitting too much
traffic, you may want to redefine it to be more strict. If you find that a specific rule is not
generating any log events, you may want to check it again to verify that you configured
it correctly; perhaps you configured an IP address incorrectly.
Regular review of the "Top FW/VPN Rules" report can help you to update and optimize
the rulebases implemented in your security policies.
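The same review can be run over exported log records. The script below is an added example, not part of the guide or of NSM: the three-column log layout, the rule names, the update time, and the 50% share threshold are all assumptions made for illustration.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export (timestamp, rule_id, action); not NSM's real log format.
SAMPLE_LOG = """\
2010-11-01T08:59:00,rule-10,permit
2010-11-01T09:00:05,rule-10,permit
2010-11-01T09:00:09,rule-42,permit
2010-11-01T09:01:12,rule-42,permit
2010-11-01T09:01:30,rule-42,permit
2010-11-01T09:02:00,rule-7,deny
2010-11-01T09:03:44,rule-42,permit
"""

def count_hits(log_text, start):
    """Count log events per rule at or after `start` (the rulebase update time)."""
    hits = Counter()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:
            continue  # skip blank or malformed records
        ts, rule_id, _action = row
        if datetime.fromisoformat(ts) >= start:
            hits[rule_id] += 1
    return hits

def top_rules(log_text, start, count=100):
    """Equivalent of the report's data point count: the top `count` rules."""
    return count_hits(log_text, start).most_common(count)

def review_new_rules(log_text, start, new_rules, max_share=0.5):
    """Flag new rules that log nothing or exceed `max_share` of all events."""
    hits = count_hits(log_text, start)  # full counts, so a rule below the top N is not mistaken for silent
    total = sum(hits.values())
    findings = {}
    for rule_id in new_rules:
        n = hits.get(rule_id, 0)
        if n == 0:
            findings[rule_id] = "no log events: verify the rule configuration"
        elif n / total > max_share:
            findings[rule_id] = "high share of events: consider a stricter rule"
        else:
            findings[rule_id] = "ok"
    return findings

if __name__ == "__main__":
    update_time = datetime(2010, 11, 1, 9, 0, 0)  # constructed update time
    print(top_rules(SAMPLE_LOG, update_time))
    print(review_new_rules(SAMPLE_LOG, update_time, ["rule-42", "rule-99", "rule-10"]))
```

Log events are used here as a proxy for permitted traffic volume, which matches what the report counts.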
Chapter 20: Reporting