Problems arising from firewalls are common, cost time and money and have dramatic consequences for the operations of networks, especially in multi-firewall enterprise network. In fact, any misconfiguration that can arise between rules creates ambiguity in classification and filtering of the traffic. The discovery and removal of these misconfigurations is a serious and complex problem to solve. Several solutions have been proposed, though these methods are useful for discovering anomalies, most of them identify each overlap between two rules with different actions as a configuration error while, in some cases, network administrator add, intentionally, overlapping rules. Also, in a distributed environment, they deal only with pair-wise filtering rules in a simple firewall and they consider relations between only two firewalls even if a network path could contain more than two firewalls and anomaly could happen between different rules from different firewalls. In this paper, we present (1) a new classification of anomalies in multi-firewall environment bringing out real configurations errors, (2) we use a data structure (FDD) to represent relations between different rules in different firewalls in the network, (3) a new approach to rule-set optimization and clean-up by removing superfluous rules from a simple firewall and firewalls in a distributed environment and (4) formal specification and validation of proposed techniques, we also proved its correctness and completeness and demonstrated its scalability and applicability.