Under the previous Tofino product line, assisted firewall rule generation was a function of the Secure Asset Management (SAM) Loadable Security Module (LSM). The new Tofino Xenon product does not offer an equivalent function; however, a command-line tool is available that can translate alarm messages from the Event Logger into a spreadsheet.
This allows the user to sort and group alarms by protocol and IP address and very quickly work out which firewall rules should be created. The tool also identifies traffic for common industrial and IT protocols and can delineate which device is acting as the client and which as the server in the communications. With a little practice, rule generation can be an efficient process with this new tool.
Please view this video describing this tool, its purpose, and how to use it.
A link to download the parse tool is provided below.
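The grouping step described above, sketched as an added example (it is not the Tofino parse tool's code and is not from the original post). The key=value alarm layout is an assumed format, the sample lines are constructed, and the lower-port fallback for unrecognized ports is a heuristic of this example.

```python
import csv
import io
import re
from collections import Counter

# Well-known server ports for common industrial and IT protocols.
KNOWN_PORTS = {502: "Modbus/TCP", 44818: "EtherNet/IP", 20000: "DNP3",
               102: "S7comm/ISO-TSAP", 80: "HTTP", 443: "HTTPS", 53: "DNS", 123: "NTP"}
FIELD = re.compile(r"(\w+)=(\S+)")

# Constructed alarm lines in an assumed key=value layout (not the real log format).
SAMPLE_ALARMS = """\
2024-01-10T08:00:01 proto=TCP src=10.0.1.20 sport=49152 dst=10.0.2.5 dport=502
2024-01-10T08:00:02 proto=TCP src=10.0.1.20 sport=49153 dst=10.0.2.5 dport=502
2024-01-10T08:00:03 proto=TCP src=10.0.2.5 sport=502 dst=10.0.1.20 dport=49153
2024-01-10T08:00:09 proto=UDP src=10.0.2.5 sport=51000 dst=10.0.0.1 dport=123
2024-01-10T08:00:12 proto=TCP src=10.0.1.30 sport=50211 dst=10.0.2.7 dport=44818
this line is malformed and is skipped
"""

def candidate_rules(log_text):
    """Group alarms into (client, server, transport, port, protocol) -> hit count."""
    hits = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        try:
            sport, dport = int(f["sport"]), int(f["dport"])
            src, dst, proto = f["src"], f["dst"], f["proto"].upper()
        except (KeyError, ValueError):
            continue  # not a parseable alarm line
        # A well-known port marks the server; a reply (known sport) folds into the same flow.
        if dport in KNOWN_PORTS or (sport not in KNOWN_PORTS and dport <= sport):
            client, server, port = src, dst, dport
        else:
            client, server, port = dst, src, sport
        hits[(client, server, proto, port, KNOWN_PORTS.get(port, "unknown"))] += 1
    return hits.most_common()

def to_csv(rules):
    """Render the grouped flows as spreadsheet-ready CSV text."""
    out = io.StringIO()
    w = csv.writer(out, lineterminator="\n")
    w.writerow(["client", "server", "transport", "port", "protocol", "alarms"])
    for key, count in rules:
        w.writerow([*key, count])
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(candidate_rules(SAMPLE_ALARMS)), end="")
```

Each output row is one candidate allow rule to review; flows labelled `unknown` deserve a closer look before any rule is written for them.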