Release Notes: This release adds NAT capabilities to the Cisco ASA reader. "static" NAT IP IP NM and access-list statements are now added the NATs table, and policy NAT rules are identified. The < and > range identifiers used in ports are now stripped before printing Netscreen policies in rr mode. Some of the "undefined" warnings have been resolved.
Release Notes: This release reads Netscreen interface vip statements and adds them to the NATs table. Further consistency checks have been added to the policy build sections to more easily identify problem objects. The new htmlprintcsv.pl helper script converts 'print' mode output CSV files to HTML. Running the script without arguments displays info.
Release Notes: This release further updates the 'print' and 'fltprint' mode spreadsheets to include VPN tunnel usage info and source / destination negation from the policy, as well as "install on" info (most relevant to checkpoint). The version has changed to 0.3 because 'print' modes now include almost all of the "important" details pulled from the configs and logs.
Release Notes: This release further updates the NAT analysis capabilities of the script. More information is populated in the NAT columns of the print mode spreadsheets.
Release Notes: This release further improves the NAT analysis capabilities of 360-FAAR, the output of which is listed in the six new print mode columns, src, dst, and service, for both the NAT translations which are listed in the logs and in the policy, for each object.
Release Notes: This release completely drops the previous NAT methodology and integrates NATs into the rule processing subs, and also sports a rewrite of the NAT structures and nat rule processing. This new method is much more robust Negated rules are now identified in Netscreen and excluded from rr mode rulebases.
Release Notes: This release corrects MIP interface NAT ANY service name and adds nat dst ip statements to NAT tables so that NAT translated addresses from policies can be filtered against in rr mode CIDR filters. This release also correctly reads disabled rules in Netscreen and adds further checks to the rr mode rulebase builders. The Netscreen reader now reads tunnel VPN rules, and these can be used to filter out encrypted traffic in rr mode.
Release Notes: This release adds 'end.' comments to rr mode "enter search INC EX string" instructions as well as the 'exit' menu option and attempts to resolve a looping issue when using Ctrl-C in the Gnome terminal. This release begins the process of automatically resolving Netscreen MIP(ipaddr) objects from interface mip statements and adds them to the NAT tables. This release also resolves issues with incorrect protocol definitions (used when merging between Checkpoint and Netscreen) and reports these. Unknown rule types are now skipped and reported, e.g. Netscreen tunnel rules.