ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

Open holes/ports for SSG firewall

[ Edited ]
10.16.08   |  
‎10-16-2008 07:38 PM

Dear expert, how to check any open holes/ports for SSG firewall for vulnerabilities check? Thanks.

Any tool that accomplished this task?

Message Edited by kianwee77 on 10-17-2008 10:48 AM
4 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: Open holes/ports for SSG firewall

10.17.08   |  
‎10-17-2008 04:17 AM

Hi kianwee,

 

Nipper can parse your config file and check for security issues. It generates a report for further analysis. I'm not too sure if this is what you are looking for though.

 

Cheers,

flo

ScreenOS Firewalls (NOT SRX)

Re: Open holes/ports for SSG firewall

10.17.08   |  
‎10-17-2008 08:15 AM
How about Nessus?
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: Open holes/ports for SSG firewall

10.17.08   |  
‎10-17-2008 08:34 AM
If you are trying to audit your firewall, Nipper is a really nice start.  If you are trying to test your firewall while in production + scan for vulnerabilities on your machines that are accessible, then start with eEye (http://www.eeye.com).  There are others as well, but it depends on what you are scanning for.  If you just want to do a port scan to see what is open, you can start with nmap or scanline [sl.exe], but make sure to do a slow scan because the firewall is pretty good about picking up on fast port scans and dropping those packets, which will result in a bad report.
-=Q
ScreenOS Firewalls (NOT SRX)

Re: Open holes/ports for SSG firewall

11.02.08   |  
‎11-02-2008 05:48 PM
Thanks a lot guys. You guys solved my question. Smiley Wink