Wednesday, June 6, 2012

Beginning Questions To Ask For Initial Firewall Configuration

I thought I'd put down what I ask up front when I do a firewall setup. This is pretty much standard for me to ask on any firewall, but I'm putting it in the Ciscofun blog because I tend to do more Cisco ASAs than Check Points.
Outside address/subnet mask?
Inside address/subnet mask?
Next hop address (default route)?
Is there a DMZ? If so, what address/subnet mask?
Internal routing?
Email server on the inside? Web server? Special NAT translations (static NATs)?
Access-lists on the outside? Or inside?
Does this do DHCP for the internal network?
VPN remote-access? If so, what DHCP scope to use for clients?
Integrate remote-access with AD?
Domain name?
Site-to-site VPNs? If so, what remote peer, phase I SA, phase II SA, key, NAT/nonat, interesting traffic?
Any special routing other than the inside network?
Local usernames/passwords on the ASA? Integrated login to the ASA with AD?
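As an added illustration that is not part of the original post, here is a constructed ASA 9.x configuration skeleton showing where the answers to the questions above end up (interfaces, default and internal routes, static NAT, outside ACL, DHCP scope, and a site-to-site VPN with its nonat exemption). Every address, object name, peer and the pre-shared-key placeholder is an assumption, and ASA 8.3+ object NAT syntax is assumed.

```cisco
! Interfaces: outside, inside and a DMZ (constructed RFC 5737 / RFC 1918 addresses)
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
! Default route to the ISP next hop, plus internal routing for a network behind a core router
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 10.20.0.0 255.255.0.0 10.10.10.2 1
! Static NAT for a DMZ mail server; inside hosts PAT to the outside interface address
object network MAIL-SERVER
 host 192.168.50.25
 nat (dmz,outside) static 203.0.113.3
object network INSIDE-NET
 subnet 10.10.10.0 255.255.255.0
 nat (inside,outside) dynamic interface
! Outside ACL: only SMTP to the mail server is allowed in; everything else is denied and logged
access-list OUTSIDE-IN extended permit tcp any object MAIL-SERVER eq smtp
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
! DHCP scope for the internal network
dhcpd address 10.10.10.100-10.10.10.200 inside
dhcpd enable inside
! Site-to-site VPN: interesting traffic, NAT exemption (nonat), phase 1 and phase 2, peer and key
object network REMOTE-LAN
 subnet 10.30.0.0 255.255.255.0
access-list VPN-TRAFFIC extended permit ip object INSIDE-NET object REMOTE-LAN
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ipsec ikev1 transform-set TS-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-TRAFFIC
crypto map OUTSIDE-MAP 10 set peer 198.51.100.10
crypto map OUTSIDE-MAP 10 set ikev1 transform-set TS-AES256-SHA
crypto map OUTSIDE-MAP interface outside
crypto ikev1 enable outside
tunnel-group 198.51.100.10 type ipsec-l2l
tunnel-group 198.51.100.10 ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED-KEY-PLACEHOLDER>
```

The remote-access VPN, AD integration and local-user questions map onto separate aaa-server, group-policy and username configuration that is left out of this skeleton.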