First draft of my post: So you have to test (or check) a firewall in a new or existing it-infrastructure?
This question is what the test approach should be and this can partly be clarified if you can answer the following questions:
Is it a test of the firewall product? Is so then plan a test as you would for any other software product based on requirements, design, risks, etc. Because basically a firewall is a server running a OS and a application with some management interface. This test approach is out of scope for this post.
Is the firewall a part of a for example an enterprise infrastructure? Is so then plan a test that explores the firewall customization to the it-infrastructure that it is a part of. This test is what is described in the rest of this post.
Now, as a basic assumption for the test approach I assume that the firewall product is reliable and stable is operation. I know “assumptions is the mother of all fuck-ups”, however this is a risk I take at this stage. It will be at the top of my list of risks. Continue reading “Test of IT infrastructure – the firewall”