The first place to start is probably by doing a port scan on the firewall. This will let you know what ports the firewall is allowing through to the servers behind. Once you know this, you can then check this against your security policy to ensure that these ports are supposed to be allowed. This will help to see if the firewall is configured ok.
Once you have a list of ports that are open, you can then try to do a fingerprint to see if the OS can be identified through the firewall to the backend machine.
n map can do the port scan (various different types of scans) and also do the OS Detection.
This is probably where i would start with your testing.
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit
www.sec-1.com
or PM me for details.
