Benefits
-
Consistent rules among different devices are ensured.
-
Changes of the ruleset are easily deployed.
-
Changes of the topology (IP, location) are easily deployed.
-
Vendor independent: Linux and Cisco devices are supported.
-
Optimized code is generated.
-
The compiler is optimized for speed. It is scalable to large installations with more than 1000 managed devices and thousands of rulesets.
-
The text based configuration language allows for easy integration into version control.
-
Multiple adminstrators can change the configuration simultaniously if version control is set up.
-
Comprehensive consistency checks are implemented.
-
Named rulesets (services) allow to generate understandable reports.
-
A central ruleset is a valuable and consistent resource during security audits.