Abstract: A method and apparatus for Automatic Risk Assessment of a Firewall Configuration facilitates the automatic generation of a risk assessment for a given firewall configuration. The method scans the firewall analyzer report before the human user does and flags the configuration errors. Each mis-configuration found is called a risk item. The report is analyzed against a Knowledge Base of known risk items. The method further filters duplicate risk items that are triggered by different rules.
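The following is an added example, not the patent's own implementation, showing the shape of a knowledge-base driven assessment with duplicate filtering: each knowledge-base entry maps a rule to a risk key that names the weakness rather than the rule, so several rules exposing the same weakness collapse into one risk item that records every rule that triggered it. The rule format, the three checks, the severity labels and the sample rule base are all constructed for the illustration.

```python
"""Knowledge-base driven risk assessment of a firewall rule base.

Added example (hypothetical rule format and checks), not the patent's code.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

RiskKey = Tuple[str, ...]


@dataclass(frozen=True)
class Rule:
    rule_id: int
    src: str       # "any" or an address/prefix string
    dst: str
    service: str   # "any" or a service name
    action: str    # "accept" or "drop"


# Assumed set of services whose acceptance is treated as a known risk item.
CLEARTEXT_SERVICES = {"telnet", "ftp", "rlogin"}


# Each knowledge-base check returns a risk key (or None). The key identifies
# WHAT is wrong, not WHICH rule is wrong: that is what makes duplicates
# triggered by different rules collapse into one item.
def kb_any_any_any_accept(rule: Rule) -> Optional[RiskKey]:
    if rule.action == "accept" and (rule.src, rule.dst, rule.service) == ("any", "any", "any"):
        return ("ANY_ANY_ANY_ACCEPT",)
    return None


def kb_cleartext_service(rule: Rule) -> Optional[RiskKey]:
    if rule.action == "accept" and rule.service in CLEARTEXT_SERVICES:
        return ("CLEARTEXT_SERVICE_ALLOWED", rule.service)
    return None


def kb_any_source_to_host(rule: Rule) -> Optional[RiskKey]:
    if rule.action == "accept" and rule.src == "any" and rule.dst != "any":
        return ("ANY_SOURCE_TO_HOST", rule.dst)
    return None


# (check, severity) pairs; severities are assumed labels for the example.
KNOWLEDGE_BASE: List[Tuple[Callable[[Rule], Optional[RiskKey]], str]] = [
    (kb_any_any_any_accept, "high"),
    (kb_cleartext_service, "medium"),
    (kb_any_source_to_host, "low"),
]
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class RiskItem:
    key: RiskKey
    severity: str
    triggered_by: List[int] = field(default_factory=list)


def count_raw_findings(rules: List[Rule], knowledge_base=KNOWLEDGE_BASE) -> int:
    """Number of (rule, check) hits before duplicate filtering."""
    return sum(1 for r in rules for check, _ in knowledge_base if check(r) is not None)


def assess(rules: List[Rule], knowledge_base=KNOWLEDGE_BASE) -> List[RiskItem]:
    """Scan every rule against the knowledge base and merge duplicate risk items."""
    items: Dict[RiskKey, RiskItem] = {}
    for rule in rules:
        for check, severity in knowledge_base:
            key = check(rule)
            if key is None:
                continue
            item = items.setdefault(key, RiskItem(key, severity))
            if rule.rule_id not in item.triggered_by:
                item.triggered_by.append(rule.rule_id)
    return sorted(items.values(), key=lambda i: (SEVERITY_ORDER[i.severity], i.key))


# Constructed sample rule base: rules 2 and 3 both allow telnet and should
# produce ONE risk item triggered by two rules.
SAMPLE_RULES = [
    Rule(1, "any", "any", "any", "accept"),
    Rule(2, "any", "10.0.0.0/8", "telnet", "accept"),
    Rule(3, "192.168.1.0/24", "any", "telnet", "accept"),
    Rule(4, "any", "10.0.0.5", "ssh", "accept"),
    Rule(5, "any", "any", "any", "drop"),      # clean-up rule, no risk
]

if __name__ == "__main__":
    print("raw findings:", count_raw_findings(SAMPLE_RULES))
    for item in assess(SAMPLE_RULES):
        print(item.severity, item.key, "rules:", item.triggered_by)
```

On the sample rule base the five raw hits reduce to four risk items; the telnet item lists rules 2 and 3 together, which is the duplicate filtering the abstract describes.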
Abstract: The present invention discloses a method for analyzing an IP Gateway's Routing Table to identify sets of IP addresses ("Disjoint Zones") communicating through the same Gateway, said method comprising the steps of: identifying subnets of IP addresses that are directly connected to the Gateway ("directly-connected subnets") via a network interface card ("NIC"); associating every route in the Routing Table with a NIC; identifying and sorting the Routing Table's Critical Points, at which the routing decision may change between successive IP addresses; and identifying Disjoint Zones of IP addresses by locating all the Critical Points at which the routing decision in fact changes between successive IP addresses. According to a further option of the present invention, an External Disjoint Zone is identified in accordance with the NIC associated with the default route.
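The procedure above, as an added example that is not the patent's implementation: every route (directly-connected subnet or static/default route) is associated with a NIC; the Critical Points are the first address of each prefix and the address just past its last address, since under longest-prefix matching the decision can only change there; the points are sorted, the decision is evaluated at the start of each interval between successive points, and adjacent intervals with the same decision are merged into one Disjoint Zone. The External Disjoint Zone is then the set of zones whose NIC is the one carrying the default route. IPv4 only; the routing table and NIC names are constructed for the illustration.

```python
"""Disjoint-zone discovery from a routing table via Critical Points.

Added example (assumed route format, sample table), not the patent's code.
"""
import ipaddress
from typing import List, Optional, Tuple

IPV4_SPACE = 1 << 32
RouteEntry = Tuple[ipaddress.IPv4Network, str]     # (prefix, NIC)
Zone = Tuple[str, str, Optional[str]]                # (first, last, NIC or None)

# Constructed sample routing table. 10.0.0.0/8 and 192.168.0.0/24 are
# directly-connected subnets, 10.1.0.0/16 is a more specific route via
# another NIC, and 0.0.0.0/0 is the default route.
SAMPLE_ROUTES = [
    ("10.0.0.0/8", "eth1"),
    ("10.1.0.0/16", "eth2"),
    ("192.168.0.0/24", "eth1"),
    ("0.0.0.0/0", "eth0"),
]


def parse_routes(routes) -> List[RouteEntry]:
    return [(ipaddress.IPv4Network(prefix), nic) for prefix, nic in routes]


def routing_decision(table: List[RouteEntry], addr: int) -> Optional[str]:
    """Longest-prefix match: the NIC that forwards traffic to addr (None if no route)."""
    best: Optional[RouteEntry] = None
    for net, nic in table:
        if int(net.network_address) <= addr <= int(net.broadcast_address):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, nic)
    return best[1] if best else None


def nic_for_address(table: List[RouteEntry], addr: str) -> Optional[str]:
    return routing_decision(table, int(ipaddress.IPv4Address(addr)))


def critical_points(table: List[RouteEntry]) -> List[int]:
    """Sorted addresses at which the routing decision MAY change."""
    points = {0, IPV4_SPACE}
    for net, _ in table:
        points.add(int(net.network_address))
        points.add(int(net.broadcast_address) + 1)     # first address past the prefix
    return sorted(points)


def disjoint_zones(table: List[RouteEntry]) -> List[Zone]:
    """Maximal address ranges with a constant routing decision."""
    points = critical_points(table)
    zones: List[List] = []       # [first, last, nic], mutable while merging
    for start, end in zip(points, points[1:]):
        nic = routing_decision(table, start)
        if zones and zones[-1][2] == nic:
            zones[-1][1] = end - 1   # decision did not change: extend the zone
        else:
            zones.append([start, end - 1, nic])
    return [(str(ipaddress.IPv4Address(s)), str(ipaddress.IPv4Address(e)), nic)
            for s, e, nic in zones]


def external_zone(table: List[RouteEntry]) -> List[Zone]:
    """Zones reached through the NIC that carries the default route."""
    default_nic = next((nic for net, nic in table if net.prefixlen == 0), None)
    if default_nic is None:
        return []
    return [z for z in disjoint_zones(table) if z[2] == default_nic]


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for first, last, nic in disjoint_zones(table):
        print(f"{first:>16} - {last:<16} via {nic}")
    print("external:", [(z[0], z[1]) for z in external_zone(table)])
```

On the sample table this yields seven zones: the 10.1.0.0/16 hole carved out of 10.0.0.0/8 splits the eth1 zone in two, and the three eth0 ranges between and around the connected subnets together form the External Disjoint Zone.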