How a More Visual Firewall Can Help Protect Your Network

Any business with a network needs a firewall to keep the bad guys out and the data safe. And it has done so behind a complex dashboard that was difficult to navigate and operate.

But lately a few vendors have begun to offer a more visual take on this venerable category, placing a premium on the User Experience. For smaller businesses this can be especially useful. Let’s look at what is involved with these products with some samples from McAfee, Palo Alto Networks and Sonicwall.

In olden times, firewalls were anything but visual dashboards. You had to navigate long lists of rule sets that would take a lot of expertise to craft correctly. The order of how the rules were listed were also important, as the firewall would process one rule at a time. Each rule would either permit or deny a particular kind of traffic to a particular port and protocol. They had dashboards like this one from Cisco’s ASA firewall that had densely-packed information.

That was great back when the Internet was young but these days playing ports and protocol games is more complex. Just about every new application uses the Web ports 80 and 443, so filtering on those doesn’t help much. And for corporations that want to be more sophisticated in what they block, you want something that offers more granularity and understands the way particular applications behave. For example, let’s say I want to allow people to use Gmail but not Google Earth. So my firewall has to distinguish between these

two actions. Here is how the McAfee Firewall handles it. You can see a long list of Google applications here in the screen capture above. It is very easy to click on the particular situation and quickly set it up to block other Google functions.

McAfee has a add-on option to its Enterprise Firewall called Profiler that includes a very graphical mechanism for managing its operations.

You can use its graphical interface to spot trends quickly, make adjustments to firewall rule sets, and see the results of your changes instantly, without having to plow through network traces and protocol details.

In the screen capture below, we are looking at the main Profiler screen and you see these bubbles that indicate by color whether traffic is allowed or blocked by particular user department and application category.The size of the bubble indicates the volume of traffic that is involved in a particular situation.

Some of the firewalls come with very graphical real-time monitors, such as this display from Sonicwall’s unified threat appliances below where you can see traffic patterns and drill down if you spot something that doesn’t look quite right.

Palo Alto Networks has this interesting global map of all your network traffic, again to help you spot some particular network flow to a country where you normally don’t do any business. Many of the firewalls have geo-location features where you can block traffic originating or destined for particular countries too.

These are just some of the more innovative firewall vendors out there who have begun to harness visual information displays to help you manage your network traffic and operations. If you are still looking at long lists of log files or rule sets, you might want to investigate one or more of these products.