When I first decided to add an upgraded firewall to my network, I wanted to figure out some way of firewall testing. I assumed that there was a way to run a program on it internally that would just look at the rule sets and tell me if I had misconfigured anything before we went live; that way I could correct any of my possible errors before the firewall was in use. Not to say that I make many errors, but we all have to face the fact that mistakes can happen!
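A minimal version of the rule-set check described above, added here as an illustration rather than the author's own tool or any vendor product: it walks an ordered, first-match rule list and flags an allow-any-any rule, a rule shadowed by an earlier broader rule (so it can never match), and a missing final deny-all. The `Rule` fields and the sample rule set are constructed for the example and assume IPv4 CIDR notation.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed rule shape (constructed for this example): first-match semantics,
# "any" means 0.0.0.0/0, port None means every port. IPv4 only.
@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    port: Optional[int]    # destination port, None = any

def _net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)

def covers(broad: Rule, narrow: Rule) -> bool:
    """True if every packet matched by `narrow` is also matched by `broad`."""
    return (_net(narrow.src).subnet_of(_net(broad.src))
            and _net(narrow.dst).subnet_of(_net(broad.dst))
            and (broad.port is None or broad.port == narrow.port))

def _is_any_any(r: Rule) -> bool:
    return r.src == "any" and r.dst == "any" and r.port is None

def lint(rules: List[Rule]) -> List[Tuple[int, str]]:
    """Return (rule index, finding) pairs for common misconfigurations."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "allow" and _is_any_any(r):
            findings.append((i, "allow-any-any: permits all traffic"))
        for j in range(i):                      # earlier rules win on first match
            if covers(rules[j], r):
                findings.append((i, f"shadowed by rule {j}: never matches"))
                break
    if not rules or not (rules[-1].action == "deny" and _is_any_any(rules[-1])):
        findings.append((len(rules), "no final deny-all: unmatched traffic falls through to the default policy"))
    return findings

# Constructed sample rule set with deliberate mistakes to exercise each check.
SAMPLE_RULES = [
    Rule("allow", "10.0.0.0/8", "any", 22),
    Rule("deny", "10.1.2.0/24", "any", 22),      # shadowed by rule 0
    Rule("allow", "any", "192.0.2.10/32", 443),
    Rule("allow", "any", "any", None),           # allow-any-any, and no deny-all after it
]

if __name__ == "__main__":
    for idx, msg in lint(SAMPLE_RULES):
        print(f"rule {idx}: {msg}")
```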
I was a bit surprised that the firewall testing process was a bit like hacking, all the unscrupulous things that I used to do as a kid. For example, port scanning. A typical firewall testing process probes the firewall for open ports from the outside, the same thing someone would do who was trying to get into your network. The goal is the same, really: if you can get into your network through an open port during firewall testing, then so can someone else. There is no better method of firewall testing than to take the same action that an intruder might. Thinking the way a hacker does can help you see things from a different perspective, and might reveal weaknesses in your security structure.
If you cannot think like a hacker, or do not possess the necessary skills to attempt a penetration of your network for firewall testing purposes, there is always the vendor option. This is a common service, and many companies excel at firewall testing. They employ security specialists who can perform firewall testing on your network and give you peace of mind that your firewall is configured properly and is as secure as it can be. No security system is impenetrable, but properly performed firewall testing can confirm that you have done all that you can to make sure your firewall is configured properly and working to its specifications.