Re: [fw-wiz] Coding a custom firewall manager for multiple firewall brands. Feasible?
- From: Marcin Antkiewicz <firewallwizards@xxxxxxxxxx>
- Date: Wed, 1 Jul 2009 00:54:58 -0500
I'd just recently got an extra job role as a firewall administrator and I'm
faced with a network that consists of multitudes of firewall brands (nokia,
sidewinder etc. ) bulging with almost 3000+ rules. The networks are also
segmented and structured in such a way that adding a new path from one host
to another services requires multiple entries into various firewalls that
are in the path. As the requests for new connectivity come in hundreds or
more per week, I feel that the current implementation is not really
scalable. (manual data entries into firewalls and fight-fire
I am in a similar situation, with an environment that has more
firewalls than sensible
people will report as a count of their fw rules.
Form my experience, you will find software that will analyse the
aggregate of your
ruleset without _much_ trouble. Tuffin, FireMon, BMC Patrol, yada
yada. Some are better,
some are crufty but, if your goal is to get "rule masking" or some
that will work fine.
Playbook seems quite nice for CLI managed devices, but they do not
Opsec CPMI promises remote access to the databases which, in theory
would allow 3rd
party rule management, but I was not able to find anyone who sells
such product. On the
other hand, my attempts to get LEA to work, and a few
less-than-vanilla upgrades destroyed
whatever hope I had for this fine product line (OPSEC and whatever
else comes from CheckPoint).
firewall-wizards mailing list
- Prev by Date: Re: [fw-wiz] Coding a custom firewall manager for multiple firewall brands. Feasible?
- Next by Date: Re: [fw-wiz] Coding a custom firewall manager for multiple firewall brands. Feasible?
- Previous by thread: Re: [fw-wiz] Coding a custom firewall manager for multiple firewall brands. Feasible?