Firewall Audit Checklist

This Process Street firewall audit checklist is engineered to provide a step by step walkthrough of how to check your firewall is as secure as it can be.

We recommend utilizing this firewall audit checklist along with the other IT security processes as part of a continuous security review within your organization, provided you are able to do so with the resources you have.

This checklist searches for vulnerabilities in your security defenses and also serves as a maintenance tool to habitually clear away clutter and update your restrictions and permissions for relevancy.

This template is entirely editable and allows you to add and remove tasks while also editing the content inside them. This means you can tweak this checklist to fit the exact needs of your organization.

Throughout the template, you will see form fields where data can be entered. Any information inputted into the form fields is then stored in the template overview tab for further reference, which you can also download as a CSV file if you want to store your own logs.

If you want more information on firewalls, watch the video below:

Record the details of the checklist in the form fields below.

Audit approver details

Certain tasks in this Firewall Audit Checklist will require approval from the relevant personnel in your team, You can fill in the details of the relevant audit approver below.

Locate copies of all security policies and procedure documents for review. 

Upload or link to them in the form fields below.

Make sure you have access to all relevant logs. 

Record in the form field below the person who gave you access, if applicable. 

A network diagram is a useful tool to provide a simple visual overview of the network's structure. 

This can help you make sure you have investigated all relevant areas. 

See the image below for tips on what to gather. 

Gather and review any reports from previous audits. 

This should help you understand how the firewall has evolved over time while revealing previous areas of weakness which you can pay extra attention to. 

Use the form fields below to provide notes on relevant ISPs and VPNs.

Gather as much information as you can about the vendor and the product.

Upload this information in the form field below. 

Review the setup of key servers and record any notes in the form field provided. 

Maintaining effective firewall systems is as much about procedural setup as it is about software or hardware.  

Request, assess, and analyze the existing procedures for maintaining the rule-base.  

Leave any notes below. 

Analyze the overall process for changes to the firewall. 

• Does authorization have to be given every time?
• If so, who are the involved participants?
• What is the workflow like?

Leave any notes on this process in the field below.

With this new knowledge of the existing procedures, processes, and workflows, gain access to firewall change logs. 

You should review the previous changes to the firewall to assess whether or not the procedures and processes were appropriately followed. 

There is little point in having strong processes in place if they are not being followed by the staff involved. 

Use the form field below to record your notes.

Access to your systems is not only digital. Your physical security could be compromised also.

Review the security of the servers to make sure they cannot be tampered with without authorization.  

Leave any notes below. 

These secure locations still require access. What are the procedures for gaining access to the restricted locations?

Request, review, and analyze the access procedures and authorization processes for restricted areas. 

Provide notes below. 

Review the vendor information you gathered previously in the process and analyze that against the recorded updates for the firewall. 

Make sure that all updates and patches have been applied. 

Your OS will need regular review to make sure it is as secure as it can be. 

For an in-depth assessment of hardening read: Operating System Hardening – CompTIA Security+ SY0-401: 3.6 

Or, watch the video below.

How we deal with extra devices on the network should be standardized in clear and actionable procedures. 

Without this, we risk creating a loophole in our security by having an unsecured device on the network. 

For more information device administration read: Policies Affecting Network Device Administrators

Request, review, and analyze the existing procedures for device administration.

Leave any notes in the form field below.

Clutter within a firewall's rule-base should be removed like clutter of any other kind. 

If there are rules which are deemed redundant, simply delete them. 

Record deleted rules below. 

Again, this is part of a process of de-cluttering. 

If there are unused objects present, disable or delete them as appropriate. 

Record your activity below. 

Assess the order of your rules to maximize the performance of your system.

Leave any notes on changes in the form field below. 

If a connection is not in use it can be removed. 

Record your activity below. 

Make sure you have documented these changes appropriately. 

If you included all changes in the form fields in the previous tasks, then you will be able to export that data as a CSV file for easy future review. Proper use of Process Street will make sure your work is always documented. 

Otherwise, take this opportunity to make sure the changes were documented. 

As part of a risk assessment, it is important to review industry guidelines to understand best practices and to better assess what constitutes risk in this scenario. 

Important industry documentation to review might include:

• PCI-DSS,
• SOX,
• ISO 27001,
• NERC CIP,
• Basel-II,
• FISMA
• and J-SOX

Sam Erdheim of AlgoSec provides us with a series of potential questions to pose when we're considering risk within the context of our firewall:

• Are there firewall rules that violate your corporate security policy?
• Are there any firewall rules with “ANY” in the source, destination, service/protocol, application or user fields, and with a permissive action?
• Are there rules that allow risky services from your DMZ to your internal network?
• Are there rules that allow risky services inbound from the Internet?
• Are there rules that allow risky services outbound to the Internet?
• Are there rules that allow direct traffic from the Internet to the internal network (not the DMZ)?
• Are there any rules that allow traffic from the Internet to sensitive servers, networks, devices or databases?

Consider questions like these and more in order to thoroughly analyze your risk exposure. 

Use one of the form fields below to upload or link to your risk assessment report.

Where possible, it is advantageous to replace manual tasks with automated solutions. 

This saves time and reduces errors, allowing the relevant member of staff to act as a reviewer - a second line of security. 

The level of reporting available from automated tasks will also make future audits easier. 

Check out this article from CSO about picking your firewall tech: Firewall Audits Dos and Don'ts

If you have utilized this checklist properly, then your auditing activities should be thoroughly documented. 

If you haven't been filling in your form fields, now is the time to make sure you document your actions and store that information in one accessible place. 

You need to make sure that the results of this audit are actionable. 

Create a firewall change workflow to make maximum use of this audit. 

Change management is vitally important within this process. Upload your report with your firewall change workflow in the form field provided. This report will be reviewed for approval by the relevant personnel. Completion of this checklist is not possible until your report has been approved.

If you need further information about firewall change workflows, watch the video below. 

• How to Conduct a Firewall Audit - CRN
• Firewall Checklist - SANS Institute
• Firewall Audit Checklist - AlgoSec
• Mastering Your Next Audit With the Firewall Audit Checklist - The Data Chain

• Privileged Password Management
• Network Administrator Daily Tasks
• Network Security Audit Checklist
• Firewall Audit Checklist
• VPN Configuration
• Apache Server Setup
• Email Server Security
• Penetration Testing
• Inventory Management Process
• Network Security Management
• Client Data Backup Best Practices
• Computer Maintenance Guide
• Server Setup Process
• Virtual Private Server Setup
• IT Support Process
• Helpdesk Management
• Server Maintenance
• Server Security
• Information Security Incident Response
• SQL Server Audit Checklist