Re: Options for 50+ firewall deployment

From: Alec (alec_at_nospam.com)
Date: 07/08/04


Date: Thu, 08 Jul 2004 15:04:32 GMT


"tonesurfer" <tonesurfer@hotmail.com> wrote in message
news:58915b8c.0407080556.21ae1656@posting.google.com...
> We will be installing 50 or more internal firewalls to protect critical
> portions of our network. The hope is to manage them all centrally with
> a very small team (i.e. 3 people or so). I've some experience with
> Checkpoint and only grazed PIX. What firewalls lend themselves to
> installation such as this? Obviously management and maintenance of the
> firewalls is high on our list with scalability to large numbers of
> devices being key. I know Checkpoint's management scheme maxes out
> well below our number of firewalls (at least it did with CP 4.1/2000).
> What of PIX device manager and Symantec's offerings?

You might want to look at Juniper/NetScreen. They have a centralized
management platform that can easily handle 50 firewalls (scales up to 1000 in
the current version). See:
<http://www.juniper.net/products/integrated/d***/ds_security_manager.pdf>.
It's not just for pushing out firewall rulesets either; you can perform
hardware device configuration (physical port assignments, security zone
assignments, routing table configuration, network screening options,
manageability options, etc.), you can configure VPN topologies
(hub-and-spoke, peer-to-peer, etc.), you can centralize your logging and
reporting, etc. The next release will also serve as a centralized management
platform for their Intrusion Detection and Prevention (IDP) product line.

