
Re: [FW1] Multiple Firewalls -- Single/Multiple Policies???





Depends on your network architecture. If the firewalls are logically
related, and they enforce largely the same security policies, you're
probably better off using the same policy.

We've got one installation where there's a stack of network equipment, with
three distinct layers, with each layer separated by FW-1 clusters. Since
there's a large degree of commonality between the layers, it's much easier
to keep track of things using a single security policy; i.e., if the second
layer firewalls are providing services that will require client
authentication, the first layer must pass those services through. The
security policy has these rules next to each other (the "install on" field
determines which firewalls apply them) for easy reading.

Dave Grabowski
System Arts, [email protected]
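
Added example, not part of the original message: a small Python model of the single-policy approach described above, where an "install on" field selects the enforcing firewalls and a check confirms that each client-authenticated service on an inner layer is passed by the layers in front of it. The gateway names, services, rule format and first-match evaluation are assumptions for illustration, not FW-1's own policy format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    service: str
    action: str            # "accept", "client_auth" or "drop"
    install_on: frozenset  # gateways that enforce this rule

# Constructed sample data: hypothetical gateway names, outermost layer first.
LAYERS = ["fw-layer1", "fw-layer2", "fw-layer3"]

# One shared policy; related rules sit next to each other for easy reading.
POLICY = [
    Rule("https", "accept", frozenset({"fw-layer1"})),
    Rule("https", "client_auth", frozenset({"fw-layer2"})),
    Rule("ssh", "client_auth", frozenset({"fw-layer2"})),  # no layer-1 pass rule
    Rule("any", "drop", frozenset(LAYERS)),
]

def effective_rules(policy, gateway):
    """Rules a gateway actually enforces: those whose install_on names it."""
    return [r for r in policy if gateway in r.install_on]

def verdict(policy, gateway, service):
    """First-match evaluation on one gateway; unmatched traffic is dropped."""
    for r in effective_rules(policy, gateway):
        if r.service in (service, "any"):
            return r.action
    return "drop"

def auth_services_blocked_upstream(policy, layers):
    """Client-auth services on an inner layer that an outer layer drops."""
    gaps = []
    for depth, gw in enumerate(layers):
        for r in effective_rules(policy, gw):
            if r.action != "client_auth":
                continue
            for outer in layers[:depth]:
                if verdict(policy, outer, r.service) == "drop":
                    gaps.append((r.service, gw, outer))
    return gaps

if __name__ == "__main__":
    for service, inner, outer in auth_services_blocked_upstream(POLICY, LAYERS):
        print(f"{service}: client auth on {inner}, but dropped by {outer}")
```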


                                                                                                                              
[email protected]
Sent by: [email protected]kpoint.com
To: [email protected]
cc:
Subject: [FW1] Multiple Firewalls -- Single/Multiple Policies???
01/23/2001 09:37 AM






Those of you who have a central management station and multiple
firewalls, do you have one policy you push to all firewalls, or do you
have separate policies for each firewall?

A VAR of mine strongly suggests separate policies for each firewall.

I've always been under the impression that a single policy should be
able to be used for all firewalls.

I'm looking for what the readers on this list do, and their opinions about
it.

Thanks a lot...

Michael Breton
Geiger

================================================================================

     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================






