Re: Managing multiple Cisco Pix's

[James Burns <james.burns () sunderland ac uk>]

Sorry, to clarify:

We will have two firewalls at either side of our campus serving the same 
internal network, but with different /external/ addresses - this is 
necessary because of the way that our provider has arranged things.

Each runs OSPF. Both units are, in effect, active - but no traffic will 
be passed via the "backup" until the primary goes down, because of the 
way that the routing is configured.

Cisco allows for active/active failover between Pix units, but ONLY if 
they are running multiple security contexts, and we do not do this, nor 
need to. What we're looking for is an elegant and preferably inexpensive 
way of keeping the ruleset up-to-date on both boxes without the need to 
manually edit on both every time a rule is added/amended.

Hope this makes things clearer!

James

Paul Melson wrote:
> > In effect we are going to end up with two separate devices, but that we
> >     
> will want to have matching rulesets 
>   
> > on. My question, therefore, is - what software is available for managing
> >     
> multiple Pix units, and (if you've 
>   
> > any experience of it) is it any good?
> >     
>
> Just to be clear, you are going to have 2 firewalls.  One through which all
> traffic will pass, and another through which no traffic will pass.  Until
> the former breaks, in which case all traffic will manually be switched over
> to the latter.  Correct so far?
>
> If you're comfortable with the command interface and manually editing
> configs (as opposed to using PDM from a web browser), then I would recommend
> Kiwi CatTools* for managing configurations. 
>
> PaulM
>
> * http://www.kiwisyslog.com/kiwi-cattools-overview/
>
>  
>
>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards