When creating a firewall policy, it's always good to add a comment to it.

Over time, it's easier to review and manage firewall policies that have comments attached.

Adding comments to firewall policies

Although it may seem like an extra and possibly time-wasting step, adding a comment to a firewall policy can help in many ways:

  • You may know all the facts about a policy, but if another admin logs into the firewall with little or no knowledge of that policy, the comment will help them quickly understand what the policy does and why it is needed.
  • Over time, the number of firewall policies can grow, and it becomes difficult to remember why each policy was created or what it's supposed to do. A policy comment helps in this situation.
  • You may manage multiple firewalls and log into each of them only from time to time; the policy comments will help you easily understand what is allowed on the firewall.
  • When reviewing the firewall policies, the comments help you scroll rapidly through the existing rules and check them for consistency or misconfiguration.
  • A newly hired administrator will understand what is configured on the firewall faster by reading the comments attached to each firewall policy.
  • Comments let you label policies and add warning notes stating that a policy needs to be disabled after a certain date or, conversely, that it must not be disabled or deleted.
  • Although the firewall policy may be documented in a report, you may not always have that document at hand.

Tips for adding comments to firewall policies

Adding a comment to a firewall policy is a simple and easy task, provided you understand the scope of the policy. Here are a few things you can mention in a comment:
  • Describe what the firewall policy does and why it's needed; use a simple and concise description.
  • Possibly add a date to remember when the policy was created.
  • Add a warning if needed, e.g. for a temporary policy that needs to be disabled or deleted in the future. If it is not deleted by mistake, you can quickly identify it during a firewall policy review. Conversely, state that the policy must not be disabled or deleted.
  • Rate its importance; for example, it may allow a critical service.
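
One way to use such comments during a policy review, as an added example that is not part of the original article. It assumes the policies have been exported as records with id, enabled and comment fields, and it assumes a comment convention of created=/expires= date tags plus a KEEP marker; all of these names are hypothetical and the sample data is constructed.

```python
import re
from datetime import date

# Constructed sample export. Field names and the comment tags
# (created=, expires=, KEEP) are assumptions for this example.
POLICIES = [
    {"id": 1, "enabled": True,
     "comment": "Resolvers to upstream DNS, critical. created=2023-01-10 KEEP"},
    {"id": 2, "enabled": True,
     "comment": "TEMP vendor SSH access. created=2024-03-01 expires=2024-03-15"},
    {"id": 3, "enabled": True, "comment": ""},
    {"id": 4, "enabled": False,
     "comment": "Partner FTP, do not disable. created=2022-06-01 KEEP"},
    {"id": 5, "enabled": True,
     "comment": "TEMP migration window. expires=2024-13-40"},
]

TAG = re.compile(r"\b(created|expires)=([\w-]+)")

def parse_tags(comment):
    """Return ({tag: date}, [malformed tag strings]) found in a comment."""
    dates, bad = {}, []
    for key, value in TAG.findall(comment):
        try:
            dates[key] = date.fromisoformat(value)
        except ValueError:
            bad.append(f"{key}={value}")
    return dates, bad

def audit(policies, today):
    """Return (policy id, finding) pairs for a periodic policy review."""
    findings = []
    for p in policies:
        comment = (p.get("comment") or "").strip()
        if not comment:
            findings.append((p["id"], "missing comment"))
            continue
        dates, bad = parse_tags(comment)
        findings += [(p["id"], f"unparseable date tag {t}") for t in bad]
        expires = dates.get("expires")
        if expires and expires < today and p["enabled"]:
            findings.append((p["id"], f"expired {expires} but still enabled"))
        if "KEEP" in comment.split() and not p["enabled"]:
            findings.append((p["id"], "marked KEEP but disabled"))
    return findings

if __name__ == "__main__":
    for policy_id, finding in audit(POLICIES, date(2024, 6, 1)):
        print(f"policy {policy_id}: {finding}")
```

A mistyped date tag is reported rather than silently ignored, so a temporary policy with a bad expiry does not slip through the review.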

Conclusion

Comments attached to firewall policies simplify the firewall administrator's job and help keep a clean and secure firewall configuration.