360-FAAR  Firewall Analysis Audit Repair Icon

360-FAAR Firewall Analysis Audit Repair


360-FAAR Analyze FW1 Cisco Netscreen Policy Offline Using Config/Logs

5.0 Stars (7)
10 Downloads (This Week)
Last Update:
Download 360-FAAR Firewall Analysis Audit Repair…
Browse All Files
Windows BSD Mac Linux



360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file!

Read Policy and Logs for:

Checkpoint FW1 (in odumper.csv / logexport format),
Netscreen ScreenOS (in get config / syslog format),
Cisco ASA (show run / syslog format),

360-FAAR compares firewall policies and uses CIDR and text filters to split rulebases / policies into target sections and identify connectivity for further analysis.

360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to move rules to where you need them.

Build new rulebases from scratch with a single 'any' rule and log files, with the 'res' and 'name' options.

Switch into DROPS mode to analyse drop log entries.

360-FAAR Firewall Analysis Audit Repair Web Site


  • .
  • Build new rulebases from scratch with a single 'any' rule and log files.
  • Resolve names using reverse name lookups (DNS optional whois) in new 'name' resolution mode
  • Read many log files by specifying the directory and an optional regex to match names.
  • Switch the processing into DROPS mode and process drop log entries for further analysis.
  • Output pre processed logs in JSON and read later and process more logs into the same config.
  • Easy to Use Menu Driven Text Interface
  • Capable of manipulating tens of thousands of rules, objects and groups
  • Handles infinitely deep groups
  • Handles Circular Groups and Nested Circular Groups
  • Capable of CIDR filtering connectivity in/out of policy rulebases.
  • Capable of merging rulebases.
  • Identifies existing connectivity in rulebases and policies
  • Automatically performs cleanup if a log file is provided.
  • Keeps DR connecitvity via any text or IP tag
  • Encryption rules can be added during policy moves to remove the "merge from" rules for traffic that would be encrypted by the time it reached the firewall on which the "merge to" policy is to be installed - sounds complicated but its not in practice - apropriate ike and esp rules should be added manually
  • Runs consistency checks on its own objects and rule definitions
  • ./360-faar.pl od=|ns=|cs=configfile[,logfile[,natsfile]]
  • od = object dumper format config, logexported logs, fwdoc format nat rules csv
  • ns = screenos6 format config - nats are included in policy, syslog format logs, fwdoc format nats can be used though
  • cs = cisco ASA format config, cisco asa syslog file, fwdoc format nat rules
  • od = output an odumper/ofiller format config to file, and print the dbedit for the rulebase creation to screen
  • ns = outputs netscreen screenos6 objects and policies (requires a netscreen config or zone info)
  • cs = cisco asa format config
  • By default 360-FAAR can process as many configurations as you have memory for
  • Make an empty file called "fake" and and use this as the file name for configs with fwdoc format nats but no log files.
  • Log file headders in fw1 logexported logs are found automatically so many files can be cated together
  • Inline Syslog / file headders (possibly from cat) are automatically recognised and handled appropriately.
  • Output odumper/ofiller format files and make them more readable (watchout for spaces in names) using the numberrules helper script
  • Edit these csv's in Openoffice or Excell using any of the object or group definitions from the three loaded configs.
  • You can then use this file as a template to translate to many different firewalls using the 'bldobjs' mode
  • Use the helper scripts to resolve names further and translate firewall objects to names


Other Useful Business Software

The Sight of Sound Icon

­ Improve VoIP Visibility from SIP to RTP

The Sight of Sound Icon
Cloudbased voice solutions are common in enterprise networks and frustrating for operations teams to manage. Simplify VoIP monitoring by having a proactive analysis of on-prem, hybrid and UCaaS voice services. Try the ThousandEyes VoIP monitoring solution today, free.

User Ratings

ease 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5
features 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5
design 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5
support 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5
Write a Review

User Reviews

  • 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5

    Nice project! You did a great job. Thank you!

    Posted 05/27/2013
  • 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5

    Faar works great.

    Posted 05/15/2013
  • 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5

    faar is fast and stable

    Posted 11/11/2012
  • 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5

    very good app. do what it is asked for. many options available. very easy

    Posted 09/11/2012
  • 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5

    two thumbs up... both by me, anyone else care to comment?

    Posted 01/28/2012
Read more reviews

Additional Project Details

Intended Audience

Telecommunications Industry, System Administrators, Auditors, Security Professionals, Security

User Interface

Console/Terminal, Command-line

Programming Language




Thanks for helping keep SourceForge clean.

Screenshot instructions:
Red Hat Linux   Ubuntu

Click URL instructions:
Right-click on ad, choose "Copy Link", then paste here →
(This may not be possible with some types of ads)

More information about our ad policies

Briefly describe the problem (required):

Upload screenshot of ad (required):
Select a file, or drag & drop file here.

Please provide the ad click URL, if possible:

Get latest updates about Open Source Projects, Conferences and News.

No, thanks