
Re: [FW1] Multiple Firewalls -- Single/Multiple Policies???




Michael:

In my network, I have a single management server controlling numerous
firewall clusters.  Each cluster protects a different part of the network
and therefore has different rules that it must enforce.  For instance, some
networks allow Citrix traffic to pass, while others only permit HTTP.  

I manage this with different rulebases and I set these up so that I can't
accidentally install the wrong rulebase on the wrong firewall (I do this
with the "install on" field in the policy).  To manage everything with one
single rulebase would be a nightmare.  By separating them out, I can
quickly look at a single rulebase and have a complete understanding of what
is going on in each portion of my network.  Nice, clean, easy.  (Also, keep
in mind that the longer your rulebase, the more overhead!  You want a nice
short rulebase with the most commonly accessed services at the beginning
for the best performance.)

Joel



At 09:37 AM 1/23/01 -0500, [email protected] wrote:
>
>
>Those of you who have a central management station and multiple
>firewalls, do you have one policy you push to all firewalls, or do you
>have separate policies for each firewall?
>
>A VAR of mine strongly suggests separate policies for each firewall.
>
>I've always been under the impression that a single policy should be
>able to be used for all firewalls.
>
>I'm looking for what the readers on this list do, and their opinions about
>it.
>
>Thanks a lot...
>
>Michael Breton
>Geiger


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================