Use the Security Flexible Asset to summarize a security solution.
Firewall rules and site-to-site configuration is often best stored in the configuration record of the firewall itself, but in more complex architecture, this summary asset can be developed to give an overall view that is not as dependent on the technology of an individual device.
- Load the network attached devices in the client environment as configurations.
- Navigate to the organization you are onboarding.
- Click on Security in the left sidebar and then on the + New button in the top-right corner.
- In the Create Security screen, complete each of these below fields:
- Client Compliance Requirements - Select the requirements if appropriate.
- Anti-Virus and Anti-Spam - Select the solutions from the drop-down list. See the Additional Notes section of this KB article.
- Firewall - Select the firewall platform and devices.
- Inbound and Outbound Rules - Capture the business requirements of firewall rules, detailing the internal servers that need connections from the internet and any restrictions on internal computers from reaching the internet.
- Firewall configuration - Often this file is best attached to the device. Store a "reset to basic" config file here, so if anything should happen to the live device settings, or a device needs to be swapped out in a disaster recovery situation, the config file is stored here to keep the client environment up and running.
- Site-to-Site VPN - Similar to rules, provide high-level summary information here. There is no need to detail all the specs that are better read from the device itself.
- Password Complexity Standard - Setup the password standard for this client to assist with security audits. This is a good opportunity to create a proactive ticket or two to bring the existing passwords in line with this standard.
- Click Save.
- (Optional) Create additional documents for detailed configuration, security infrastructure, or network diagrams and add the documents as Related Items on the right-hand side panel, or attach the files.
- If anti-spam and anti-virus technology is configured via central management consoles, you could visit Account > Flexible Asset Types > Security to change the fields to let someone search for and select a solution, rather than choosing from a set of options in a drop-down list.