Re: Recommendations on modeler/change manger for PIX & FWSM

[Brian Loe <knobdy () gmail com>]

> On 1/24/06, Cary, Kim <Kim.Cary () pepperdine edu> wrote:
> > Been watching the list with interest for about 6 months! Thanks for the good
> > discussion.
> >
> > We have several PIX & FWSM (PIX Blades) our team is managing. We've been
> > using PDM (Cisco's Java tool for managing PIX) for distributed
> > administration, but we've been getting tired of its shortcomings in
> > documenting our rules. Also, we'd like to find something that handles change
> > management (reporting, maybe rollback or state snapshots) and modeling (if
> > traffic from 'here' starts to go 'there' what does the firewall do).

I've implemented a perl script and SVN based solution here for
managing config changes - archiving/versioning them. Depending on
where the devices are located in relation to where you run the
scripts from it can wait to receive a trap stating the config has
changed or run from a cron job and go grab it. E-mail me off-list and
I'll give you what I've got.

Can't help with the rest - though you could, in theory, use these
scripts as a basis for creating new configs to upload programmaticly.
The perl modules available are pretty robust.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards