[AusNOG] Centralised firewall policy management - recommendations?

Shane O'Neill soneill at tourism.australia.com
Mon Aug 13 21:50:55 EST 2012


I have used the Watchguard XTM range with their centralised management server for both policies, logging and reporting. The largest implementation I worked on was for around 60 XTMs with a wide array from the SoHo user right up to the hosting datacenter level.

Currently I have a similar setup again with Watchguard with 14 XTM5 / XTM8 firewalls globally managed by a centralised policy and management server.

Disclaimer: I am a customer and have no affiliation with Watchguard or any of their resellers.

Regards
Shane

From: Paul Gear <ausnog at libertysys.com.au>
Date: Monday, 13 August 2012 9:07 PM
To: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] Centralised firewall policy management - recommendations?

On 10/08/12 15:39, Paul Gear wrote:
Hi everyone,

After my last question about configuration management best practices, I hope I'm on more well-trodden ground asking this one...

What do you use for centralised firewall management in a "typical" medium-large enterprise with numerous branch offices, a head office, and separate data centre & DR premises?

Here are a few extra questions around the topic to get the discussion rolling:

 *   Do you manage firewall settings centrally for a network of 50+ firewalls (most of which are small branch office units)?
 *   Do you use the same vendor's solution for both physical and virtual firewalls?
 *   Do you use any policy "console" or similar software package to manage multiple firewalls?
 *   Are data centre/head office environments different enough to branch offices that you wouldn't use the same type of firewall?  (Scale concerns aside.)
 *   Are there any vendors out there who have a different take on centralised firewall management to what might be considered "industry standard"?
 *   If affordability is a concern, does it change your answers to the above?

Thanks in advance,
Paul

Obviously my timing was poor in sending this on Friday afternoon while everyone was at their long lunch.

Surely someone has some war stories or success stories to share?

Paul