In JSA Risk Manager, you can manage the efficiency of your network devices, investigate your network device configuration, investigate firewall rules, and identify security risks that are created by invalid firewall rules.
- Click the Risks tab.
- In the navigation pane, click Configuration Monitor.
- To search your network devices, enter an IP address or Host Name in the Input IP Address or Host Name field.
- Double-click the device that you want to investigate.
The rule Event Count column displays the firewall rule trigger frequency. A zero event count rule is displayed for one of the following reasons:
  - A rule is not triggered and might cause a security risk. You can investigate your firewall device and remove any rules that are not triggered.
  - A JSA log source mapping is not configured.
- To search the rules, on the Rules toolbar, click Search > New Search.
If an icon is displayed in the Status column, you can hover your mouse over the status icon to display more information.
- To investigate the device interfaces, on the toolbar, click Interfaces.
- To investigate access control list (ACL) device rules, on the toolbar, click ACLs.
Each access control list defines the interfaces over which the devices on your network are communicating. When the conditions of an ACL are met, the rules that are associated with an ACL are triggered. Each rule is tested to allow or deny communication between devices.
- To investigate network address translation (NAT) device rules, on the toolbar, click NAT.
The Phase column specifies when to trigger the NAT rule, for example, before or after routing.
- To investigate the history or compare device configurations, on the toolbar, click History.
You can view device rules in a normalized comparison view or the raw device configuration. The normalized device configuration is a graphical comparison that shows added, deleted, or modified rules between devices. The raw device configuration is an XML or plain text view of the device file.