Comparing Athena Firewall Grader to Nipper
Athena's Firewall Grader provides a normalized score for complexity based on a comparison of your firewall against a library of several hundred pre-analyzed firewalls.
Nipper does not offer a comparison against other firewalls. The rule by rule output does not consider all 12 dimensions of complexity represented in the rolled-up counts provided by FirewallGrader.
The table below shows how the complexity factors are displayed differently by both tools. To get an automated high-level view of complexity, all the factors below must be taken into account. Factors such as address and service elements, as well as expanded ACL rules, play a decisive role in complexity even when other factors have seemingly low counts.
Since Nipper cannot calculate these factors, any assessment based on Nipper's reports alone requires significant expert judgment. FirewallGrader provides scoring for a quick and objective high-level assessment that can be run multiple times with consistent results.
| Complexity Factors | Firewall Grader | Nipper |
| Total rules | Rolled-up Count | Rule Listing |
| ACL Rules | Rolled-up Count | Rule Listing |
| NAT Rules | Rolled-up Count | Rule Listing |
| Address Elements | Rolled-up Count | Not Handled * |
| Service Elements | Rolled-up Count | Not Handled * |
| Interfaces | Rolled-up Count | Rule Listing |
| VPN Connections | Rolled-up Count | Not Handled |
| Number of expanded ACL rules | Rolled-up Count | Not Handled |
| Rules with ANY service | Rolled-up Count | Rule Listing |
| Rules with ANY source or destination address | Rolled-up Count | Rule Listing |
| Rules with ANY service and ANY src/dst address | Rolled-up Count | Rule Listing |
| Total Deny Rules | Rolled-up Count | Rule Listing |
* Nipper provides the address or service object definitions which are different from the unique address or service elements referenced in the rules.