brucker.ea:model-based:2008 BookSection Heidelberg Springer-Verlag 2008 Testcom/FATES 2008 5047 103-118 BruckerAchimD BrüggerLukas WolffBurkhart SuzukiKenji HigashinoTeruo Model-based Firewall Conformance Testing Firewalls are a cornerstone of todays security infrastructure for networks. Their configuration, implementing a firewall policy, is inherently complex, hard to understand, and difficult to validate. We present a substantial case study performed with the model-based testing tool HOL-TestGen. Based on a formal model of firewalls and their policies in HOL, we first present a derived theory for simplifying policies. We discuss different test plans for test specifications. Finally, we show how to integrate these issues to a domain-specific firewall testing tool HOL-TestGen/FW.