SUMMARY: In JSA Risk Manager, you can manage the efficiency of your network devices, investigate
your network device configuration, investigate firewall rules, and identify security risks
that are created by invalid firewall rules.
- Click the Risks tab.
- In the navigation pane, click Configuration Monitor.
- To search your network devices, enter an IP address or hostname in the Device IP or Name field.
- Double-click the device that you want to investigate.
  The rule Event Count column displays the firewall rule trigger frequency. A zero event count rule is displayed for one of the following reasons:
  - A rule is not triggered and might cause a security risk. You can investigate your firewall device and remove any rules that are not triggered.
  - A JSA log source mapping is not configured.
- To search the rules, on the Rules toolbar, click
.
- To investigate the device interfaces, click Interfaces.
- To investigate access control list (ACL) device rules, click ACLs.
  Each access control list defines the interfaces that the devices on your network are
  communicating over. When the conditions of an ACL are met, the rules that are associated with an ACL
  are triggered. Each rule is tested to allow or deny communication between devices.
- To investigate network address translation (NAT) device rules, on the toolbar, click NAT.
  The Phase column specifies when to trigger the NAT rule, for example, before or after routing.
- To investigate the history or compare device configurations, click History.
  You can view device rules in a normalized comparison view or the raw device configuration. The
  normalized device configuration is a graphical comparison that shows added, deleted, or modified
  rules between devices. The raw device configuration is an XML or plain text view of the device
  file.
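
The two reasons for a zero event count given in the Event Count step can be told apart offline, as in this added example (not JSA code or a JSA export format). The rules, events and device names are constructed, and both first-match rule evaluation and the "no events from the device at all" heuristic for a missing log source mapping are assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed rules: (rule id, source net, destination net, dest port or None=any, action)
RULES = [
    ("r1", "10.0.0.0/24", "192.0.2.10/32", 443, "allow"),
    ("r2", "10.0.0.0/24", "192.0.2.0/24", 22, "allow"),
    ("r3", "0.0.0.0/0", "0.0.0.0/0", None, "deny"),
]
# Constructed firewall events: (device, source IP, destination IP, dest port)
EVENTS = [
    ("fw-a", "10.0.0.5", "192.0.2.10", 443),
    ("fw-a", "10.0.0.7", "192.0.2.10", 443),
    ("fw-a", "172.16.1.1", "192.0.2.10", 80),
]

def first_match(rules, src, dst, dport):
    """Return the id of the first rule whose conditions the flow meets (assumed semantics)."""
    for rid, snet, dnet, port, _action in rules:
        if (ip_address(src) in ip_network(snet)
                and ip_address(dst) in ip_network(dnet)
                and port in (None, dport)):
            return rid
    return None

def event_counts(rules, events, device):
    """Count how often each rule was triggered by events logged for one device."""
    counts = Counter({rule[0]: 0 for rule in rules})
    for dev, src, dst, dport in events:
        if dev != device:
            continue
        rid = first_match(rules, src, dst, dport)
        if rid is not None:
            counts[rid] += 1
    return dict(counts)

def triage(rules, events, device):
    """Classify each rule; zero counts mean nothing if the device sent no events."""
    counts = event_counts(rules, events, device)
    if not any(dev == device for dev, *_ in events):
        # Every rule is at zero: suspect the log source mapping before the rules.
        return {rid: "check log source mapping" for rid in counts}
    return {rid: "in use" if n else "review: never triggered"
            for rid, n in counts.items()}

if __name__ == "__main__":
    for dev in ("fw-a", "fw-b"):
        print(dev, triage(RULES, EVENTS, dev))
```
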