<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; "><div><div><div>I have used the Watchguard XTM range with their centralised management server for both policies, logging and reporting. The largest implementation I worked on was for around 60 XTM's with a wide array from the SoHo user right up to the hosting datacenter level.</div><div><br></div><div>Currently I have a similar setup again with Watchguard with 14 XTM5 / XTM8 firewalls globally managed by a centralised policy and management server.</div><div><br></div><div>Disclamer: I am a customer and have no affiliation with Watchguard or any of their resellers.</div><div><br></div><div>Regards</div><div><div><div><span class="Apple-style-span" style="font-size: 15px; -webkit-border-horizontal-spacing: 5px; -webkit-border-vertical-spacing: 5px; "><b><span style="font-size: 10pt; color: rgb(51, 51, 51); ">Shane </span></b></span><span class="Apple-style-span" style="font-size: 15px; -webkit-border-horizontal-spacing: 5px; -webkit-border-vertical-spacing: 5px; "><span style="font-size: 10pt; color: rgb(102, 102, 102); "><b></b></span></span></div></div></div></div></div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> Paul Gear <<a href="mailto:ausnog@libertysys.com.au">ausnog@libertysys.com.au</a>><br><span style="font-weight:bold">Date: </span> Monday, 13 August 2012 9:07 PM<br><span style="font-weight:bold">To: </span> "<a href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a>" <<a href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a>><br><span style="font-weight:bold">Subject: </span> Re: [AusNOG] Centralised firewall policy management - recommendations?<br></div><div><br></div><div><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><div bgcolor="#FFFFFF" text="#000000"><div class="moz-cite-prefix">On 10/08/12 15:39, Paul Gear wrote:<br></div><blockquote cite="mid:50249E7D.3020100@libertysys.com.au" type="cite"><meta http-equiv="Context-Type" content="text/html;
charset=ISO-8859-1">
Hi everyone,<br><br>
After my last question about configuration management best practices, i hope i'm on more well-trodden ground asking this one...<br><br>
What do you use for centralised firewall management in a "typical" medium-large enterprise with numerous branch offices, a head office, and separate data centre & DR premises?<br><br>
Here are a few extra questions around the topic to get the discussion rolling:<br><ul><li>Do you manage firewall settings centrally for a network of 50+ firewalls (most of which are small branch office units)?
</li><li>Do you use the same vendor's solution for both physical and virtual firewalls?
</li><li>Do you use any policy "console" or similar software package to manage multiple firewalls?
</li><li>Are data centre/head office environments different enough to branch offices that you wouldn't use the same type of firewall? (Scale concerns aside.)
</li><li>Are there any vendors out there who have a different take on centralised firewall management to what might be considered "industry standard"?
</li><li>If affordability is a concern, does it change your answers to the above?<br></li></ul><p>Thanks in advance,<br>
Paul<br></p></blockquote><br>
Obviously my timing was poor in sending this on Friday afternoon while everyone was at their long lunch.<br><br>
Surely someone has some war stories or success stories to share?<br><br>
Paul<br></div></div></span><font face="monospace">This message and any attachments is intended for the addressee named and may contain confidential information. If you are not the intended recipient please delete the email and notify the sender.</font></body></html>