Basically when documenting a firewall, it is like doing a business case for a firewall.
1. You need to write why the need of the firewall (i.e. just a 1 page threat analysis of your network), 2. How does the firewall provide security against the mentioned threats. 3. Type of firewall, supplier and the OS is running. 4. Maintenance agreement of the firewall. 5. Rules of the firewall in detail. 6. Who (personnel) who manages the firewall and their deputies. 7. How often do the rules get changed, and what's the process of changing the rules (are stakeholders involved). Kind Regards, Melusi Dhlamini Information Risk Management KPMG 21 Riebeeck Street; PO Box 4609; Cape Town Business Telephone: +27 (21) 408-7325 Business Fax: +27 (21) 419-7503 Mobile: +27 (82) 782-9110 Website: www.kpmg.com E-Mail Disclaimer The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorised to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking action in reliance of the contents of this information is strictly prohibited and may be unlawful. KPMG is neither liable for the proper and complete transmission of the information contained in this communication nor any delay in its receipt. ********************************************************************** This email is intended only for the use of the individual or entity named above and may contain information that is confidential and privileged. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this email is strictly prohibited. Opinions, conclusions and other information in this message that do not relate to the official business of our firm shall be understood as neither given nor endorsed by it. **********************************************************************
