Amazon AWS
- Dashboard Widgets
  - General (general overview of the system)
  - Audit (the number of rules with expired access, or with access that will expire within the next month)
  - Recent Changes (rules and devices with changes in the past 30 days)
- Browsers
  - Rule Viewer (see Rule Viewer)
  - Object Lookup (see Object Lookup)
  - Changes (see Change Browser)
  - Device Viewer (see Device Viewer)
- Change Management
  - Change Management (policy and side-by-side policy change comparison in the Compare tab, Comparison report, and New Revision report)
  - Graphical Policy (policies are displayed in SecureTrack as they are shown in the vendor's management software)
  - Create SecureChange ticket from Rule Viewer for:
    - Rule Decommission (removes selected rules from supported devices)
    - Rule Modification (receives rules from the Rule Viewer and lets you create a ticket in SecureChange for a handler to update firewall rules on supported devices)
- Topology
  - Static Topology
  - VPC Peering
  - Transit Gateway
  - Gateway Load Balancer (GWLB)
Supported Devices
The following devices are supported on Amazon AWS:
- Fortinet
  - FortiManager
  - FortiGate
- Check Point
  - Management Devices (MDS), CloudGuard Network Security - Firewall & Threat Prevention
  - Check Point Gateway
- Palo Alto
  - Panorama
  - PAN-OS firewalls
Notes for Amazon Devices
- Monitoring is based on periodic polling. The default polling interval is every hour.
- PCI results do not include these tests: 1.1.5, 1.1.7, 1.3.4, 2.2.4. To pass PCI DSS tests that require rule comments or ticket IDs, add the comments and ticket IDs in the Rule Viewer.
- Auditing support does not include Compliance Policies and Unified Security Policy.
- Topology path calculation simulates traffic only when the path contains no more than one dynamic connection; it may contain as many static connections as necessary. Supported configurations are internal VPC connectivity and connectivity between a VPC and the data center.
- In Compare, nested SGs of peered VPCs are shown as empty groups in rule source and destination, and no calculations are made for those rules. For more details, look at the VPC in which the SG originates.
- In some cases, this device creates new rules for requested changes rather than updating the existing rules. In these cases, rule history might not be available.