Tag Archives: VBA

Improve and speed up your Firewall Change Requests management for free

Should you be working for a small or a very large organisation, you probably have one or many firewall to manage. If you have half a decent security governance, you probably have someone reviewing and approving any request to update rules on the firewall(s).

If you have a lot of requests to process and a complex network architecture, you might be lucky to use an automated system like Fireflow to process these change requests. if you don’t, you might struggle a bit with this process and with the enforcement of somewhat complex network security rules related to data flows between different subnets.

So, if you don’t have much money to spend in a quite expensive solution, today is your lucky day as we give you one for free (at least if you already have a Microsoft Office license).

These last months, we have developped a set of Visual Basic functions for Microsoft Excel in order to help our customers deal with the management of IP networks, FQDN, URLs, DNS and so on.

Recently, we have used these functions to create an excell sheet meant to be a form to request Firewall Change Requests (FCR) and to provide automaticaly a compliance advice with some rules of data flows exchange between subnet and some IP ports uses.

This form and the VBA functions (or the Excel function library) are available on our public GitHub repository: https://github.com/Apalala-sprl/Excel-Functions

It is quite simple to use, the only thing you need to do is to fill the two sheet with the list of your subnet and the related Network addresses (in CIDR format) and to fill the access matrix defining what is allowed from one subnet to another (see picture below). Once it is done, you can hide these sheets and give the form to any person in your organisation wanting to change or add a firewall rule.

flow-matrix
When the requestor will encode its request in the form by giving the source and destination IP addresses, the field will automatically detrmine to which subnets the addresses belongs. Also, it will provide you the default treatment of such workflow. As the requestor will see the result as he types the request in, he will be rapidly notfied if his request is somewhat unusual or against the rules. it might reduce your workload and speed up the processing of the remaining requests.

If you have some trouble using it, don’t hesitate to contact us. If you improved it in any way, feel free to share your work with us and the rest of the community.