The automation of firewalls is still a relatively under-discussed topic compared to the automation of network devices. This is likely due to complexity: firewall policies tend to be a long list of rules, created by different people, for different (application) purposes, and aggregated together. The order of these rules is often crucial and has direct performance impacts. Creating a model to describe them is far from simple. While other tasks can be automated, in my experience, they are of relatively minor importance.

Let’s take a step back and identify the activities a security engineer performs throughout the lifecycle of a firewall:

• Provisioning: These are one-time or occasional tasks that configure the foundation of a firewall (IP addressing, routing, VLANs, DNS, NTP, licenses, etc.).
• Rules: These tasks involve adding, modifying, or deleting rules in response to changes in the services passing through one or more firewalls.
• Maintenance: These tasks allow us to monitor the status of a firewall or perform troubleshooting in case of anomalies or unexpected behaviors.

Continue reading the post on Patreon .