360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file!
Read Policy and Logs for
Checkpoint FW1 (in odumper.csv / logexport format),
Netscreen ScreenOS (in get config / syslog format),
Cisco ASA (show run / syslog format),
360-FAAR uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalisation at the same time as removing unused connectivity.
360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to seamlessly move rules to where you need them.
TRY: 'print' mode. One command, and spreadsheet for your audit needs!
· WRITTEN IN SIMPLE Perl - NEEDS ONLY STANDARD MODULES - IS ONE FILE
· Easy to Edit Menu Driven Text Interface
· Capable of manipulating tens of thousands of rules, objects and groups
· Handles infinitely deep groups
· Capable of CIDR filtering connectivity in/out of policy rulebases.
· Capable of merging rulebases.
· Identifies existing connectivity in rulebases and policies
· Automatically performs cleanup if a log file is provided.
· Keeps DR connecitvity via any text or IP tag
· Encryption rules can be added during policy moves to remove the "merge from" rules for traffic that would be encrypted by the time it reached the firewall on which the "merge to" policy is to be installed - sounds complicated but its not in practice - apropriate ike and esp rules should be added manually
· Runs consistency checks on its own objects and rule definitions
More Details visit here.