Thursday, January 24, 2019

Is there an SPF/RSS-like framework for distributing firewall requirements?

I support a variety of internet-based B2B products. Some have internet-based servers (with clients deployed at customer sites), others have internet-based clients (with servers deployed at customer sites).

Customers inevitably write firewall rules that whitelist the internet addresses of the public component of these applications, complicating relocation of centralized components.

Is there a standard way of publishing firewall requirements info that can feed directly into firewall processes at customer sites?

I'm imagining something like an SPF record for describing required traffic flows at L3/L4. We already publish a written-in-English firewall requirements document, of course.

Whitelisting by domain would be okay (the internet-based servers are found by DNS), but it looks like most domain whitelisting is done by HTTP inspectors, not by vanilla stateful firewalls.


