Optimizing Firewall Policy Management in Microsegmented Networks

2025, pp. 193-205

1 Lviv Polytechnic National University, Department of Information Protection, Ukraine
2 Lviv Polytechnic National University, Department of Information Protection, Ukraine

The article analyzes the tasks and challenges of managing complex corporate networks that arise during the migration from a perimeter-based security model to a Zero Trust Architecture (ZTA). It is established that neglecting these issues may lead both to a decline in service quality within microsegmented network infrastructures and to increased risks associated with the excessive complexity of firewall rules.

Firewall rule set optimization is identified as a crucial aspect of network security management, particularly in environments that implement Zero Trust Architecture and microsegmentation. Strategies for optimizing the deployment and administration of access policies are examined, with a focus on automation and efficiency. The paper analyzes the main scenarios of access to information resources in corporate networks and discusses the relevance of automation using tools such as Ansible, Rundeck, or Terraform, which simplify the initial deployment of configurations in microsegmented environments. A template for automatic or semi-automatic rule generation is also proposed, along with examples of its application.

The article further considers key security challenges that arise when operating networks in accordance with Zero Trust principles. Approaches are proposed for effective management of large firewall rule sets, including rule generalization and lifecycle management, as well as new mechanisms for implementing dynamic access policies. It is determined that the proposed solutions contribute to reducing firewall configuration redundancy, lowering the overall operational burden on administrator teams, minimizing the potential attack surface, and consequently improving corporate network performance.
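The abstract names two of the optimization steps it proposes for large rule sets, rule generalization and the removal of redundancy, without showing how they are checked. The following Python script is an added illustration written for this page, not the rule-generation template or any code from the article: it models an ordered, first-match firewall policy, reports rules that are redundant (fully covered by an earlier rule with the same action) or shadowed (covered by an earlier rule with the opposite action, so never reached), and merges neighbouring rules that differ only by a contiguous destination port range. The rule format, the rule names and the sample policy are constructed for the example.

```python
"""Static analysis of an ordered, first-match firewall rule set (added example):
finds redundant and shadowed rules and merges contiguous port ranges."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "allow" or "deny"
    src: IPv4Network
    dst: IPv4Network
    proto: str           # "tcp", "udp" or "any"
    ports: tuple         # inclusive destination port range (low, high)

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by self."""
        return (other.src.subnet_of(self.src)
                and other.dst.subnet_of(self.dst)
                and self.proto in ("any", other.proto)
                and self.ports[0] <= other.ports[0] <= other.ports[1] <= self.ports[1])


def parse_rules(text: str) -> list:
    """Parse lines of the constructed form: name action src dst proto port[-port]."""
    rules = []
    for line in text.strip().splitlines():
        name, action, src, dst, proto, ports = line.split()
        low, _, high = ports.partition("-")
        rules.append(Rule(name, action, ip_network(src), ip_network(dst),
                          proto, (int(low), int(high or low))))
    return rules


def find_anomalies(rules: list) -> list:
    """Under first-match semantics a rule fully covered by an earlier rule is
    either redundant (same action, safe to drop) or shadowed (opposite action,
    never hit, usually an ordering mistake). Returns (kind, rule, covering_rule)."""
    findings = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(rule):
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings.append((kind, rule.name, earlier.name))
                break
    return findings


def merge_contiguous(rules: list) -> list:
    """Generalization step: adjacent rules with the same action, endpoints and
    protocol whose port ranges are contiguous collapse into one rule. Only
    neighbours are merged so that no deny rule between them is bypassed."""
    merged = []
    for rule in rules:
        if merged:
            last = merged[-1]
            same_key = ((last.action, last.src, last.dst, last.proto)
                        == (rule.action, rule.src, rule.dst, rule.proto))
            if same_key and last.ports[1] + 1 == rule.ports[0]:
                merged[-1] = Rule(f"{last.name}+{rule.name}", last.action, last.src,
                                  last.dst, last.proto, (last.ports[0], rule.ports[1]))
                continue
        merged.append(rule)
    return merged


# Constructed sample policy for a microsegmented network (not from the article).
SAMPLE_RULES = """
web-http    allow 10.0.1.0/24  10.0.2.10/32 tcp 80
web-https   allow 10.0.1.0/24  10.0.2.10/32 tcp 443
api-low     allow 10.0.1.0/24  10.0.2.20/32 tcp 8080-8081
api-high    allow 10.0.1.0/24  10.0.2.20/32 tcp 8082-8090
db-app      allow 10.0.2.0/24  10.0.3.5/32  tcp 5432
db-app-dup  allow 10.0.2.10/32 10.0.3.5/32  tcp 5432
deny-all    deny  0.0.0.0/0    0.0.0.0/0    any 0-65535
stale-ssh   allow 10.0.9.0/24  10.0.3.0/24  tcp 22
"""

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for kind, name, by in find_anomalies(rules):
        print(f"{kind:9} {name} (covered by {by})")
    print(f"{len(rules)} rules -> {len(merge_contiguous(rules))} after merging")
```

On the sample policy the script flags `db-app-dup` as redundant (already covered by `db-app`) and `stale-ssh` as shadowed by `deny-all`, and merges `api-low` and `api-high` into a single rule for ports 8080-8090, reducing the set from eight rules to seven. A redundant rule can be removed without changing behaviour; a shadowed rule should be reviewed rather than deleted, since it usually means either a leftover entry that should be retired or an allow that was meant to precede the default deny.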
