Firewall Builder's latest addition, Firewall Builder for Cisco IOS ACL, is a complete set of tools for managing a multi-tiered network security system. With this addition, users can easily build, test, and deploy ACLs on Cisco devices.
The compiler generates extended ACLs using the "ip access-list extended" command. ACL names are generated automatically from abbreviated interface names and direction symbols, making it easy to tell which ACL is which. The compiler uses a minimal set of options for the "ip access-list" command, so it should generate code that will work for IOS 12.x. Although it was not tested with 11.x, the generated code is still expected to work with the latest versions of 11.x.
Firewall Builder for Cisco IOS ACL can also add commands to configure logging. The GUI includes a built-in installer for routers, which works similarly to the installer for PIX. Both installers were updated to improve support for the automatic roll-back feature, in case you lose connection with the firewall or the router due to an error in the policy. Now, the installer can schedule a reboot in a few minutes, then upload a new policy or ACLs and cancel the reboot if the upload was successful. All of this happens automatically, ensuring that communication with the router is maintained even if an error is made while designing access list rules.
All three installation methods that were available for PIX are now available for routers. You can clear all access lists and then load new ones, or update access lists without clearing them. Additionally, the "safety net" method creates a temporary ACL for communication with the management station, assigns it to the interface marked as the management interface, clears all access lists, loads new ones, and then swaps the proper list onto the management interface.
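The order of operations described in the roll-back and "safety net" paragraphs above, written out by hand as an added illustration; it is not Firewall Builder output. The interface, addresses, ACL names and the 10-minute delay are assumptions made for the example.

```cisco
! Constructed example. Assumed values: management station 192.0.2.10,
! router management address 192.0.2.1 on FastEthernet0/0, SSH management.
! ACL names tmp_mgmt_in and fe0_0_in are hypothetical.
!
! 1. Schedule a reboot (IOS asks for confirmation). If the session is
!    lost, the router reloads its unchanged startup-config.
reload in 10
!
configure terminal
!
! 2. Temporary ACL that only keeps the management session alive.
ip access-list extended tmp_mgmt_in
 permit tcp host 192.0.2.10 host 192.0.2.1 eq 22
 deny ip any any
interface FastEthernet0/0
 ip access-group tmp_mgmt_in in
!
! 3. Clear the old list and load the new one while the temporary
!    ACL protects the management path.
no ip access-list extended fe0_0_in
ip access-list extended fe0_0_in
 permit tcp host 192.0.2.10 host 192.0.2.1 eq 22
 permit tcp any host 198.51.100.25 eq 80
 deny ip any any log
!
! 4. Swap the proper list onto the management interface and remove
!    the temporary one.
interface FastEthernet0/0
 ip access-group fe0_0_in in
exit
no ip access-list extended tmp_mgmt_in
end
!
! 5. The session survived the swap, so cancel the pending reboot.
reload cancel
!
! 6. Save only after the cancel; saving earlier would make the reboot
!    bring the untested lists back.
copy running-config startup-config
```

The roll-back depends on the new lists living only in running-config until step 6, so a `write memory` issued before the cancel would defeat it.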
This software works on all major Linux distributions, FreeBSD, Mac OS X, as well as Windows 2000 and XP. Key features of Firewall Builder for Cisco IOS ACL include being designed for complex access lists, the ability to control access lists for multiple routers from the central management station, and using an object-oriented approach to the ACL design.
The software simplifies policy design, and the same set of objects that describe hosts, networks, and protocols can be used to build firewall policy (Cisco PIX, or any of the Open Source firewalls, such as iptables, ipfilter, pf, or ipfw) and router access lists. The Firewall Builder GUI can also import existing access list configuration from a file saved using "show run" or a similar command.
Finally, starting with this version, Firewall Builder for IOS ACL is released under the GPL and has become part of the main Firewall Builder code tree and binary packages.
Version 2.1.18: N/A