Use the Security flexible asset to summarize all security solutions for a given client.
Firewall rules and site-to-site configuration is often best stored in the configuration record of the firewall itself, but in more complex architecture, this summary asset can be developed to give an overall view that is not as dependent on the technology of an individual device.
- Load all the network attached devices in the client environment, including the firewall, as configuration items.
- Navigate to the organization you are onboarding.
- Go to the Security section from the sidebar.
- click + New in the top right corner.
- Fill out as many or as few fields as you wish.
- Select Compliance Requirements if appropriate.
- Select the centrally managed anti-virus and anti-spam solutions from the drop-down list (see note further below).
- Select the firewall platform.
- Search for and select the firewall.
- Enter brief descriptions of inbound and outbound rules. Up to date detailed configurations are best read directly from the firewall interface, so there is no need to repeat the tech definitions here. Capture the business requirements of firewall rules, detailing the internal servers that need connections from the internet and any restrictions on internal computers from reaching the internet.
- Firewall configuration. Often this file is best attached to the device. Store a "reset to basic" config file here, so if anything should happen to the live device settings, or a device needs to be swapped out in a disaster recovery situation, the config file is stored here to keep the client environment up and running.
- Site-to-site VPN. Similar to rules, put in high-level summary information here. There is no need to detail all the specs that are better read from the device itself.
- Under Password Complexity Standard, pick a standard for this client's passwords to assist with security audits. This is a good opportunity to create a proactive ticket or two to bring the existing passwords in line with this standard.
- Click Save.
- (Optional) Create additional documents for detailed configuration, security infrastructure, or network diagrams and add the documents as Related Items (right-hand side of the screen), or simply attach the files.
- If anti-spam and anti-virus technology is configured via central management consoles, you could visit Account > Flexible Asset Types > Security to change the fields to let someone search for and select a solution, rather than choosing from a set of options in a drop-down list.