Re: Centrally managed firewalls

[Holger Kipp <holger.kipp () alogis com>]

Jan van Rensburg wrote:
> Hi,
>
> Does anyone know of a firewall solution for multiple firewalls at
> diverse geographic locations? Say we have locations A, B and C all
> connected by leased lines. Each location has a LAN, DMZ and maybe some
> other zones. You want all the LANs to be able to communicate with each
> other without restriction and only make connections to other places on
> the Internet according to a couple of rules. Apart from that each
> firewall will have its own rules about what to allow to the DMZ, for
> example. I want all the firewalls to be managed from a central location
> that pushes new rules to the firewalls. Does anyone have experience with
> something like this?

firewall-1 from checkpoint can do that.

on a cheaper basis, I'd say one can always administrate a firewall from a
remote point, provided you have console access - eg via dialin - just in
case you blocked yourself out. This is of course necessary for every
solution ;-)

if you need a symmetric solution, you could even script this to generate
all rules for all firewalls, distribute the rules and reload them on all
machines... (eg if you want an ipsec-tunnel between the internal lans, and
you have lots of locations - unless you have a central location that all
the other locations connect to)

Regards,
Holger


-- 
Holger Kipp, Dipl.-Math., Systemadministrator  | alogis AG
Fon: +49 (0)30 / 43 65 8 - 114                 | Berliner Strasse 26
Fax: +49 (0)30 / 43 65 8 - 214                 | D-13507 Berlin Tegel
email: holger.kipp () alogis com                  | http://www.alogis.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards