[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Console requirements
>Hi, >Can any one tell me how 'big' must the console equipment be for a good >performance of the distributed installation? >For example we have 3 SUN 250, two for the inspections modules and the other >one for the console. Is that necesary?, could we have, for instance, a Netra >as console? > >The console is acting as Stonebeat Console and FW-1 Management Console. By "console" for the FW-1 Management, I'm assuming you mean "Management Module" and not just the GUI. In that case, For CPU and memory requirements for a Management Console, it depends mainly on how much logging and policy changes will do... If you will be running lots of scripts, etc. against the logs, you may want to have lots of memory and CPU power to get things done quickly. This also depends on how much logging you will be doing. Some places log a million records into the log files daily, some just a few hundred. If you are running reporting tools, especially if on the same box, you need more memory and CPU power. More memory and faster CPU = happy security admin(s). For logs, you will need lots of diskspace. This is because the firewall modules will send all the logs to the Management Console. In addition, I would make sure that you make a seperate partition for the firewall logs - or make sure that the system partition is separate {don't install everything on the same partition}. As far as a Netra goes: since you need to make sure you have enough disk space with the ability to do some sort of RAID for redundancy - that could rule out a Netra T1 unless you use some sort of network storage device. Make sure you have some plan in place for switching logs {either hourly, daily, weekly, monthly, etc. - depending on how much logging you will be doing.} Smaller log files make searching for things faster and easier in the event of security incidents or for log analysis. Don't forget some form of backup system for all the logs. Also, remember that if the Management Console happens to go offline/become unavailable, the FW Modules start logging locally (i.e. to the local drives under $FWDIR/log directory {which is a symbolic link to /var/opt/CPfw1-41/log}). Make sure you have enough space on each FW module's /var partition in a situation where the Management Server may be down {since StoneBeat is only providing HA for the FW modules}. Make sure to have /var on a seperate partition or redirect logs to another partition via a symbolic link (see http://www.phoneboy.com/faq/0101.html ). To HA a Management Console see: http://support.checkpoint.com/kb/docs/public/firewall1/4_0/pdf/redundant-mgt -srv.pdf and http://www.phoneboy.com/faq/0235.html For StoneBeat, you can direct the StoneBeat logs to the FW-1 logs using Check Point's ELA/LEA API. {see StoneBeat docs}. Other than that, the StoneBeat interface/console doesn't really require any major disk space or CPU power. {You can also use the sbfcconfig command line utility, on each FW module, or Management Console if you generated the PEM based certs for the comman line utility}. Overall, the FW Modules should be fast and have enough memory to pass the traffic you need. In addition, make sure to use a FULL DUPLEX 100MBS network segments for the State-sync between the FW Modules. You may want to use a backup network segment for the State-sync in case the primary segment goes down. Good luck, Amin Tora, CISSP ePlus Technology http://www.eplus.com NASDAQ: PLUS ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|