[AusNOG] Centralised firewall policy management - recommendations?

[Paul Gear]

Hi everyone,

After my last question about configuration management best practices, i
hope i'm on more well-trodden ground asking this one...

What do you use for centralised firewall management in a "typical"
medium-large enterprise with numerous branch offices, a head office, and
separate data centre & DR premises?

Here are a few extra questions around the topic to get the discussion
rolling:

  * Do you manage firewall settings centrally for a network of 50+
    firewalls (most of which are small branch office units)?
  * Do you use the same vendor's solution for both physical and virtual
    firewalls?
  * Do you use any policy "console" or similar software package to
    manage multiple firewalls?
  * Are data centre/head office environments different enough to branch
    offices that you wouldn't use the same type of firewall?  (Scale
    concerns aside.)
  * Are there any vendors out there who have a different take on
    centralised firewall management to what might be considered
    "industry standard"?
  * If affordability is a concern, does it change your answers to the above?

Thanks in advance,
Paul

P.S. Please start a new thread if you feel the need for a discussion on
"deperimeterization".  :-)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20120810/cf4d54a8/attachment.html>