1. Consistent rules among different devices are ensured.

  2. Changes of the ruleset are easily deployed.

  3. Changes of the topology (IP, location) are easily deployed.

  4. Vendor independent: Linux and Cisco devices are supported.

  5. Optimized code is generated.

  6. The compiler is optimized for speed. It is scalable to large installations with more than 1000 managed devices and thousands of rulesets.

  7. The text based configuration language allows for easy integration into version control.

  8. Multiple adminstrators can change the configuration simultaniously if version control is set up.

  9. Comprehensive consistency checks are implemented.

  10. Named rulesets (services) allow to generate understandable reports.

  11. A central ruleset is a valuable and consistent resource during security audits.

Copyright © 2023 Heinz Knutzen
Fork me on GitHub