A Firewall is a critical security configuration that monitors and filters both incoming and outgoing network traffic. If disabled or misconfigured, systems become vulnerable to unauthorized access, malware propagation, and data breaches.
The Saner CVEM platform detects when firewalls are disabled, improperly configured, or not running, and helps administrators analyze and remediate these issues.
1. Detecting Firewall Status
Saner CVEM continuously scans endpoints and generates Posture Anomalies when a firewall is not active.
Steps to Detect:
- Navigate to the Posture Anomaly (PA) Dashboard.
- Locate the anomaly PA-2022-1033 – Firewall disabled.
- This triggers when firewalls are turned off across public, private, or domain network profiles.
- Review the Summary Section:
- OS family with the most anomalies (e.g., Unix).
- Group with the most anomalies (e.g., test7).
- Operating System version with the highest anomalies (e.g., Ubuntu 24.04).
- Check Posture Anomaly by Device:
- Lists affected hostnames, OS family, and anomaly counts.
- Example: support, rocky9-saner (Unix family) – both showing 3 anomalies each.
- Review Posture Anomaly by Incidence:
- Shows firewall status by network profile (public, private, domain).
- Example:
- Public firewall: Disabled
- Private firewall: Disabled
- Domain firewall: Disabled
- Use graphical views (By Group, Family, OS) for quick status visibility across your environment.
2. Investigating the Risk
Once anomalies are detected:
- Verify whether firewalls are intentionally disabled for troubleshooting or misconfigured.
- Confirm compliance with your organization’s security policies.
- Cross-check systems in sensitive environments (servers, production endpoints) to ensure firewalls are enforced.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article