
Hidden Rules Report

Device: ns5xp (192.168.20.104)


Policy Overview

Policy Name | Hidden rules | Rules with redundant objects
From: Global To: Global | 0 | 0
From: Trust To: Untrust | 23 | 14
From: Untrust To: Untrust | 0 | 0
From: Untrust To: Trust | 1 | 1
From: Trust To: Trust | 1 | 0

Policy: From: Trust To: Untrust


Rule 52 makes rule 12 redundant
Recommended action: Delete rule 12

Rule | Name | Source | Destination | Service | Action | Log | Comments
12 | | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | BGP [tcp/179]; FTP [tcp/21] | Accept | Log |
52 | | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | BGP [tcp/179]; DNS (DNS-udp-53 [udp/53], DNS-tcp-53 [tcp/53]); FTP [tcp/21] | Accept | Log |

Rule 13 makes rule 21 (DanCubeCloned) redundant
Recommended action: Delete rule 21 (DanCubeCloned)

Rule | Name | Source | Destination | Service | Action | Log | Comments
13 | | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | DNS (DNS-udp-53 [udp/53], DNS-tcp-53 [tcp/53]); FTP [tcp/21]; SSH [tcp/22] | Accept | Log |
21 | DanCubeCloned | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | FTP [tcp/21]; SSH [tcp/22] | Accept | Log |

Rule 19 (traffic_test again) makes rule 24 (auto-retrieval-test4) redundant
Recommended action: Delete rule 24 (auto-retrieval-test4)

Rule | Name | Source | Destination | Service | Action | Log | Comments
19 | traffic_test again | Any | Any | SSH [tcp/22]; TELNET [tcp/23] | Accept | Log |
24 | auto-retrieval-test4 | mxu [192.168.20.83] | Any | SSH [tcp/22] | Accept | Log |

Rule 19 (traffic_test again) makes rule 41 redundant
Recommended action: Delete rule 41

Rule | Name | Source | Destination | Service | Action | Log | Comments
19 | traffic_test again | Any | Any | SSH [tcp/22]; TELNET [tcp/23] | Accept | Log |
41 | | SPInternal [192.168.20.0 255.255.255.0] | FNS-User [192.168.4.0 255.255.255.0] | SSH [tcp/22] | Accept | Log |

Rule 19 (traffic_test again) makes rule 75 (dip-src-test2) redundant
Recommended action: Delete rule 75 (dip-src-test2)

Rule | Name | Source | Destination | Service | Action | Log | Comments
19 | traffic_test again | Any | Any | SSH [tcp/22]; TELNET [tcp/23] | Accept | Log |
75 | dip-src-test2 | Any | Any | SSH [tcp/22] | Accept | Log |

Rule 19 (traffic_test again) makes rule 77 (dstNatTest) redundant
Recommended action: Delete rule 77 (dstNatTest)

Rule | Name | Source | Destination | Service | Action | Log | Comments
19 | traffic_test again | Any | Any | SSH [tcp/22]; TELNET [tcp/23] | Accept | Log |
77 | dstNatTest | Any | 192.168.20.0/255.255.255.0 | SSH [tcp/22] | Accept | Log |

Rule 45 (Test) makes rule 33 redundant
Recommended action: Delete rule 33

Rule | Name | Source | Destination | Service | Action | Log | Comments
45 | Test | Any | Any | ANY | Accept | Log |
33 (Disabled) | | 10.1.1.1/255.255.255.255 | 192.168.20.60/255.255.255.255 | SSH [tcp/22]; SYSLOG (SYSLOG-udp-514 [udp/514]); TELNET [tcp/23] | Accept | None |

Rule 45 (Test) makes rule 34 (jcoon rule) redundant
Recommended action: Delete rule 34 (jcoon rule)

Rule | Name | Source | Destination | Service | Action | Log | Comments
45 | Test | Any | Any | ANY | Accept | Log |
34 | jcoon rule | jasoncoon [192.168.20.36] | Any | ICMP-ANY [icmp/0,0] | Accept | Log |

Rule 45 (Test) shadows rule 37 (new_test_for_martin13)
Recommended action: Delete rule 37 (new_test_for_martin13)

Rule | Name | Source | Destination | Service | Action | Log | Comments
45 | Test | Any | Any | ANY | Accept | Log |
37 | new_test_for_martin13 | 192.100.100.100/255.255.255.255; 192.168.20.0/255.255.255.255 | Martin_test [199.100.99.1 255.255.255.0] | AOL [tcp/5190 - 5194]; echo-reply [icmp/16,0]; GOPHER [tcp/70] | Drop | Log | Test

Rule 45 (Test) makes rule 43 redundant
Recommended action: Delete rule 43

Rule | Name | Source | Destination | Service | Action | Log | Comments
45 | Test | Any | Any | ANY | Accept | Log |
43 | | SPInternal [192.168.20.0 255.255.255.0] | PeopleSoft_DB [192.168.22.64] | HTTPS [tcp/443]; MS-SQL [tcp/1433] | Accept | None |

Rule 45 (Test) makes rule 49 (Mark's Test Rule) redundant
Recommended action: Delete rule 49 (Mark's Test Rule)

Rule | Name | Source | Destination | Service | Action | Log | Comments
45 | Test | Any | Any | ANY | Accept | Log |
49 | Mark's Test Rule | GroupA; GroupB; mdean 192.168.19.0/255.255.255.0; 192.168.20.30/24 [192.168.20.30 255.255.255.0] | 192.168.20.104/255.255.255.255; 192.168.20.11/255.255.255.255; 192.168.20.13/32 | ANY | Accept | Log |

Rule 45 (Test) makes rule 52 redundant
Recommended action: Delete rule 52

Rule | Name | Source | Destination | Service | Action | Log | Comments
45 | Test | Any | Any | ANY | Accept | Log |
52 | | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | BGP [tcp/179]; DNS (DNS-udp-53 [udp/53], DNS-tcp-53 [tcp/53]); FTP [tcp/21] | Accept | Log |

Rule 45 (Test) makes rule 57 (martin_testrule) redundant
Recommended action: Delete rule 57 (martin_testrule)

Rule | Name | Source | Destination | Service | Action | Log | Comments
45 | Test | Any | Any | ANY | Accept | Log |
57 | martin_testrule | 192.168.20.24/255.255.255.0 | Martin_test [199.100.99.1 255.255.255.0] | FireMon [tcp/3192] | Accept | Log |

Rule 45 (Test) shadows rule 59 (tgarrett-nat-1)
Recommended action: Delete rule 59 (tgarrett-nat-1)

Rule | Name | Source | Destination | Service | Action | Log | Comments
45 | Test | Any | Any | ANY | Accept | Log |
59 | tgarrett-nat-1 | tgarrett-pc [192.168.20.80] | 1.2.3.4/255.255.255.255 | ANY | Drop | Log |

Rule 45 (Test) makes rule 64 redundant
Recommended action: Delete rule 64

Rule | Name | Source | Destination | Service | Action | Log | Comments
45 | Test | Any | Any | ANY | Accept | Log |
64 | | 110.20.25.30/255.255.255.0 | 120.60.20.10/255.255.255.0 | TCP-ANY [tcp/0 - 65535] | Accept | Log |

Rule 45 (Test) makes rule 68 (dev-2333 take 2) redundant
Recommended action: Delete rule 68 (dev-2333 take 2)

Rule | Name | Source | Destination | Service | Action | Log | Comments
45 | Test | Any | Any | ANY | Accept | Log |
68 | dev-2333 take 2 | 120.234.15.120/255.255.255.0 | 192.158.16.10/255.255.255.0 | HTTP [tcp/80] | Accept | Log |

Rule 45 (Test) makes rule 71 redundant
Recommended action: Delete rule 71

Rule | Name | Source | Destination | Service | Action | Log | Comments
45 | Test | Any | Any | ANY | Accept | Log |
71 | | 192.188.175.20/255.255.255.0 | Martin_test [199.100.99.1 255.255.255.0] | NFS (NFS-tcp-2049 [tcp/2049], NFS-tcp-111 [tcp/111], NFS-udp-2049 [udp/2049], NFS-udp-111 [udp/111]) | Accept | Log |

Rule 45 (Test) makes rule 73 (dip-group) redundant
Recommended action: Delete rule 73 (dip-group)

Rule | Name | Source | Destination | Service | Action | Log | Comments
45 | Test | Any | Any | ANY | Accept | Log |
73 | dip-group | 192.168.20.180 [192.168.20.180/255.255.255.255] | Any | ANY | Accept | Log |

Rule 45 (Test) makes rule 74 (dip-test1) redundant
Recommended action: Delete rule 74 (dip-test1)

Rule | Name | Source | Destination | Service | Action | Log | Comments
45 | Test | Any | Any | ANY | Accept | Log |
74 (Disabled) | dip-test1 | 192.168.20.181 [192.168.20.181/255.255.255.255] | Any | ANY | Accept | None |

Rule 45 (Test) makes rule 75 (dip-src-test2) redundant
Recommended action: Delete rule 75 (dip-src-test2)

Rule | Name | Source | Destination | Service | Action | Log | Comments
45 | Test | Any | Any | ANY | Accept | Log |
75 | dip-src-test2 | Any | Any | SSH [tcp/22] | Accept | Log |

Rule 45 (Test) makes rule 77 (dstNatTest) redundant
Recommended action: Delete rule 77 (dstNatTest)

Rule | Name | Source | Destination | Service | Action | Log | Comments
45 | Test | Any | Any | ANY | Accept | Log |
77 | dstNatTest | Any | 192.168.20.0/255.255.255.0 | SSH [tcp/22] | Accept | Log |

Rule 45 (Test) makes rule 84 (RulereqTestt2) redundant
Recommended action: Delete rule 84 (RulereqTestt2)

Rule | Name | Source | Destination | Service | Action | Log | Comments
45 | Test | Any | Any | ANY | Accept | Log |
84 | RulereqTestt2 | 192.168.20.0/255.255.255.0 | 192.168.30.0/255.255.255.0 | HTTP [tcp/80] | Accept | Log |

Rule 75 (dip-src-test2) makes rule 77 (dstNatTest) redundant
Recommended action: Delete rule 77 (dstNatTest)

Rule | Name | Source | Destination | Service | Action | Log | Comments
75 | dip-src-test2 | Any | Any | SSH [tcp/22] | Accept | Log |
77 | dstNatTest | Any | 192.168.20.0/255.255.255.0 | SSH [tcp/22] | Accept | Log |

Rule 8 (Prohibit AOL) makes rule 12 redundant for Services BGP

Rule | Name | Source | Destination | Service | Action | Log | Comments
8 | Prohibit AOL | 192.168.1.0/255.255.255.0 | Any | AH [ah/0 - 65535]; AOL [tcp/5190 - 5194]; BGP [tcp/179]; echo-request [icmp/8,0]; SYSLOG (SYSLOG-udp-514 [udp/514]) | Accept | Log |
12 | | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | BGP [tcp/179]; FTP [tcp/21] | Accept | Log |

Rule 8 (Prohibit AOL) makes rule 52 redundant for Services BGP

Rule | Name | Source | Destination | Service | Action | Log | Comments
8 | Prohibit AOL | 192.168.1.0/255.255.255.0 | Any | AH [ah/0 - 65535]; AOL [tcp/5190 - 5194]; BGP [tcp/179]; echo-request [icmp/8,0]; SYSLOG (SYSLOG-udp-514 [udp/514]) | Accept | Log |
52 | | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | BGP [tcp/179]; DNS (DNS-udp-53 [udp/53], DNS-tcp-53 [tcp/53]); FTP [tcp/21] | Accept | Log |

Rule 9 makes rule 21 (DanCubeCloned) redundant for Services FTP

Rule | Name | Source | Destination | Service | Action | Log | Comments
9 | | Any | Any | FTP [tcp/21]; PING [icmp/8,0] | Accept | Log |
21 | DanCubeCloned | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | FTP [tcp/21]; SSH [tcp/22] | Accept | Log |

Rule 9 makes rule 52 redundant for Services FTP

Rule | Name | Source | Destination | Service | Action | Log | Comments
9 | | Any | Any | FTP [tcp/21]; PING [icmp/8,0] | Accept | Log |
52 | | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | BGP [tcp/179]; DNS (DNS-udp-53 [udp/53], DNS-tcp-53 [tcp/53]); FTP [tcp/21] | Accept | Log |

Rule 12 makes rule 13 redundant for Services FTP

Rule | Name | Source | Destination | Service | Action | Log | Comments
12 | | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | BGP [tcp/179]; FTP [tcp/21] | Accept | Log |
13 | | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | DNS (DNS-udp-53 [udp/53], DNS-tcp-53 [tcp/53]); FTP [tcp/21]; SSH [tcp/22] | Accept | Log |

Rule 12 makes rule 21 (DanCubeCloned) redundant for Services FTP

Rule | Name | Source | Destination | Service | Action | Log | Comments
12 | | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | BGP [tcp/179]; FTP [tcp/21] | Accept | Log |
21 | DanCubeCloned | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | FTP [tcp/21]; SSH [tcp/22] | Accept | Log |

Rule 13 makes rule 52 redundant for Services DNS-udp-53, DNS, DNS-tcp-53, FTP

Rule | Name | Source | Destination | Service | Action | Log | Comments
13 | | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | DNS (DNS-udp-53 [udp/53], DNS-tcp-53 [tcp/53]); FTP [tcp/21]; SSH [tcp/22] | Accept | Log |
52 | | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | BGP [tcp/179]; DNS (DNS-udp-53 [udp/53], DNS-tcp-53 [tcp/53]); FTP [tcp/21] | Accept | Log |

Rule 14 makes rule 1 (traffic test) redundant for Destinations 192.168.20.104/255.255.255.255

Rule | Name | Source | Destination | Service | Action | Log | Comments
14 | | Any | 192.168.20.104/255.255.255.255 | ANY | Accept | Log |
1 | traffic test | SPInternal [192.168.20.0 255.255.255.0]; mdean 192.168.19.0/255.255.255.0; 192.168.1.0/255.255.255.0 | 192.168.20.104/255.255.255.255; 192.168.20.11/255.255.255.255; 192.168.20.13/32 | ANY | Accept | Log |

Rule 14 makes rule 49 (Mark's Test Rule) redundant for Destinations 192.168.20.104/255.255.255.255

Rule | Name | Source | Destination | Service | Action | Log | Comments
14 | | Any | 192.168.20.104/255.255.255.255 | ANY | Accept | Log |
49 | Mark's Test Rule | GroupA; GroupB; mdean 192.168.19.0/255.255.255.0; 192.168.20.30/24 [192.168.20.30 255.255.255.0] | 192.168.20.104/255.255.255.255; 192.168.20.11/255.255.255.255; 192.168.20.13/32 | ANY | Accept | Log |

Rule 19 (traffic_test again) makes rule 13 redundant for Services SSH

Rule | Name | Source | Destination | Service | Action | Log | Comments
19 | traffic_test again | Any | Any | SSH [tcp/22]; TELNET [tcp/23] | Accept | Log |
13 | | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | DNS (DNS-udp-53 [udp/53], DNS-tcp-53 [tcp/53]); FTP [tcp/21]; SSH [tcp/22] | Accept | Log |

Rule 19 (traffic_test again) makes rule 21 (DanCubeCloned) redundant for Services SSH

Rule | Name | Source | Destination | Service | Action | Log | Comments
19 | traffic_test again | Any | Any | SSH [tcp/22]; TELNET [tcp/23] | Accept | Log |
21 | DanCubeCloned | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | FTP [tcp/21]; SSH [tcp/22] | Accept | Log |

Rule 19 (traffic_test again) makes rule 33 redundant for Services SSH, TELNET

Rule | Name | Source | Destination | Service | Action | Log | Comments
19 | traffic_test again | Any | Any | SSH [tcp/22]; TELNET [tcp/23] | Accept | Log |
33 (Disabled) | | 10.1.1.1/255.255.255.255 | 192.168.20.60/255.255.255.255 | SSH [tcp/22]; SYSLOG (SYSLOG-udp-514 [udp/514]); TELNET [tcp/23] | Accept | None |

Rule 21 (DanCubeCloned) makes rule 52 redundant for Services FTP

Rule | Name | Source | Destination | Service | Action | Log | Comments
21 | DanCubeCloned | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | FTP [tcp/21]; SSH [tcp/22] | Accept | Log |
52 | | Dans Cube 192.168.1.34; Matts Laptop [192.168.1.33] | Any | BGP [tcp/179]; DNS (DNS-udp-53 [udp/53], DNS-tcp-53 [tcp/53]); FTP [tcp/21] | Accept | Log |

Rule 42 makes rule 11 redundant for Services AOL

Rule | Name | Source | Destination | Service | Action | Log | Comments
42 | | 10.1.1.1/255.255.255.255 | Any | AOL [tcp/5190 - 5194]; BGP [tcp/179]; DNS (DNS-udp-53 [udp/53], DNS-tcp-53 [tcp/53]) | Accept | Log |
11 | | 10.1.1.1/255.255.255.255 | 192.168.20.60/255.255.255.255 | AOL [tcp/5190 - 5194]; FTP [tcp/21] | Accept | Log |

Policy: From: Untrust To: Trust


Rule 4 (Allow SMTP 3) makes rule 6 redundant
Recommended action: Delete rule 6

Rule | Name | Source | Destination | Service | Action | Log | Comments
4 | Allow SMTP 3 | Any | SPPhones [192.168.21.0 255.255.255.0] | ANY | Accept | Log |
6 | | 192.168.19.0/255.255.255.0 | SPPhones [192.168.21.0 255.255.255.0] | ANY | Accept | Log |

Rule 4 (Allow SMTP 3) makes rule 15 (test) redundant for Destinations SPPhones

Rule | Name | Source | Destination | Service | Action | Log | Comments
4 | Allow SMTP 3 | Any | SPPhones [192.168.21.0 255.255.255.0] | ANY | Accept | Log |
15 | test | SPInternal [192.168.20.0 255.255.255.0] | SP-Wireless [192.168.22.0 255.255.255.0]; SPPhones [192.168.21.0 255.255.255.0] | HTTP [tcp/80]; HTTPS [tcp/443]; fm (FireMon [tcp/3192], FireMon3193 [tcp/3193]) | Accept | Log |

Policy: From: Trust To: Trust


Rule 58 (smiller) makes rule 82 (Internal Communication) redundant
Recommended action: Delete rule 82 (Internal Communication)

Rule | Name | Source | Destination | Service | Action | Log | Comments
58 | smiller | SPInternal [192.168.20.0 255.255.255.0] | Any | ANY | Accept | Log |
82 | Internal Communication | 192.168.20.0/255.255.255.0 | 192.168.30.0/255.255.255.0 | HTTP [tcp/80] | Accept | Log |
