Re: [FW1] Managing a lot of firewalls
Greg,

Sorry I missed the followup message. I still don't think you should run Provider despite others' suggestions because of the high cost. If you can afford it, great, but not many can.

To see how to replicate your objects over to multiple servers, do a search at http://www.phoneboy.com for "exporting firewall objects". You can also check the downloads section as they have a script that will dump the objects.c file into a more readable format.

As for replicating your rulebase over, I don't even know if it's possible. I've never tried. My recommendation was to copy the objects.c file over so you don't have to recreate the objects on each management server. If you only have one management server this isn't necessary. Given the number of firewalls you want to manage I'd definitely advise you to go with at least a couple management servers located in different areas geographically for redundancy. The pain is you would have to replicate the objects.c file any time you made a change to the objects. Either that or remember to make changes to all management servers anytime there is a change made.

I'll agree with Aylton. It's definitely a pain in the butt. I just don't know any other way to do it. A lot of this depends on your situation. If you're not making a lot of firewall changes and your network topology doesn't change often, this might be the easiest solution for you. Frequent changes could be more of a headache than you're willing to deal with and you might be better off trying to get all your firewalls to run on one management server or getting the execs to drop the cash for Provider-1.

Regards,
Jason Stout

------Original Message------
From: "Aylton Souza, CISSP" <[email protected]>
To: Jason Stout <[email protected]>, Greg Winkler <[email protected]>
Sent: April 25, 2001 4:57:13 AM GMT
Subject: Re: [FW1] Managing a lot of firewalls

Guys,

I have been through this before and my suggestion is: Don't do that unless you have a full unlimited license for aspirins and coffee. :)

Best wishes
Aylton

----- Original Message -----
From: "Greg Winkler" <[email protected]>
To: "Jason Stout" <[email protected]>
Cc: <[email protected]>; <[email protected]>
Sent: Tuesday, April 24, 2001 12:29 PM
Subject: RE: [FW1] Managing a lot of firewalls

> Jason,
>
> Could you elaborate on the suggestion to replicate the objects.c file
> around? If I get the gist of what you suggest I would have one objects.c
> file with all my network objects defined in it and have to manually move it
> between several management stations? I would assume that I'd have to do the
> same with my rulebase as well. Scares the hell out of me!
>
> ----------------------------------------------------------------------------------------
>
> Greg Winkler
> Systems Manager, IT&S
> Huntsman Corporation
> Internet Mail: [email protected]
> Voice:
> Fax:
>
> Jason Stout <[email protected]>
> Sent by: [email protected]
> To: Greg Winkler/US/HO/HUNTSMAN@HUNTSMAN
> cc: [email protected]
> Subject: RE: [FW1] Managing a lot of firewalls
> 04/21/2001 02:12 AM
>
> With Provider each management client will have their own objects.
> You're essentially giving each customer or access point in your
> case, their own management stations. I don't think this would be
> a good solution for what you're looking to do.
>
> I'd suggest running all your firewalls on a couple of management
> servers and replicate the objects.c to the other management
> servers.
>
> -jason
>
> ------Original Message------
> From: "Greg Winkler" <[email protected]>
> To: [email protected]
> Sent: April 20, 2001 7:27:20 PM GMT
> Subject: [FW1] Managing a lot of firewalls
>
> A suggestion has been made that we move to an Internet access model that
> involves firewalls and ISP connection points at many of our locations,
> mostly in Europe. Can't give you an exact number but I would guess we are
> talking about 30 or so firewalls.
>
> How would one manage so many? Right now we've got only 4 and management is
> fairly simple using an Enterprise license. Can a single management station
> manage 30 plus firewalls? I would expect probably not. What are the
> options? I've heard of Provider-1, would that allow me to "manage" multiple
> management stations such that I would still only have one set of network
> objects and rulebase to maintain? Does it work well?
>
> ----------------------------------------------------------------------------------------
>
> Greg Winkler
> Systems Manager, IT&S
> Huntsman Corporation
> Internet Mail: [email protected]
> Voice:
> Fax:
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================