Hi, I'm looking for techniques to verify the physical and logical placement of a firewall. Let's assume I have a network map that shows a firewall should be between Systems A and B. From a logical standpoint, all I can think of is to look at the firewall rulebase and look for rules containing source/destination IP addresses for A and B. However, I was thinking that it doesn't prove that there isn't other stuff in between (e.g. A->C->Firewall->B). How would you audit this? Also, how would you verify the physical location...is this even relevant given the size of LAN's/WAN's. I'm guessing a network map wouldn't give me what I need unless the firewall icon included a physical location, yes? Any tips would be greatly appreciated.