Firewall Policy Mgt?

on 14.06.2006 22:18:34 by Gunther

Just got some Cisco Pix 500s and the CSM software cannot perform the
policy mgt we were wanting, scale, dangling rules, and also manage our
CheckPoint firewalls. Any help on any tools out there we can use?
Thanks

Re: Firewall Policy Mgt?

on 15.06.2006 16:14:08 by Reese

Hi Gunther,

Using multiple vendor solutions, do not think you will find one
management console solution to control all the different vendors'
products that meet your every business requirement.

You may find solutions that say they can, but advanced feature
configuration and other components will most likely only be configured
from the vendor's specific configuration tool - as you have already
found out.

Vendors tend to over promise and under deliver.

The best thing is to define your business requirements in detail, then
and only then can a possible solution be identified, and it may not
meet all of your requirements either.

You may wish to investigate - extraxi:

http://www.extraxi.com

as well as - netForensics:

http://www.netforensics.com

for future reference.

Sincerely,

Brad Reese
BradReese.Com - Cisco Network Engineer Directory
http://www.bradreese.com/network-engineer-directory.htm
1293 Hendersonville Road, Suite 17
Asheville, North Carolina USA 28803
USA & Canada: 877-549-2680
International: 828-277-7272
Fax: 775-254-3558
AIM: R2MGrant
Website: http://www.bradreese.com/contact-us.htm

Re: Firewall Policy Mgt?

on 15.06.2006 17:22:14 by Gunther

Thanks Brad, I'll check them out.

Re: Firewall Policy Mgt?

on 15.06.2006 18:51:40 by roberson

In article <1150316314.403221.253470@c74g2000cwc.googlegroups.com>,
Gunther wrote:
>Just got some Cisco Pix 500s and the CSM software cannot perform the
>policy mgt we were wanting, scale, dangling rules, and also manage our
>CheckPoint firewalls. Any help on any tools out there we can use?

I suggest you examine www.solsoft.com . The paper specs on
their policy manager product are very attractive, but I have not
had a chance to experiment with their product [and I work on
completely different kinds of work now, so it may be some time before
I could give it a go-over myself.]

Re: Firewall Policy Mgt?

on 15.06.2006 19:29:29 by Gunther

Gracias, I'm looking at their site now, I'll post my findings for
anyone else interested as well. -G

Re: Firewall Policy Mgt?

on 15.06.2006 21:04:39 by Reese

Gunther,

This Cisco Packet Magazine Article just came out today.

Winning the Security Game - The Final Pieces in a Fully Deployable
Self-Defending Network:

http://www.nxtbook.com/nxtbooks/cisco/packet-2q-06/index.php?startpage=59

-------------------------------------------------------------

Key Cisco Contact Information from this new article:

Mr. Calvin Chai
Product Marketing Manager for the Cisco Security Management Suite
Email: cchai at cisco.com

Mr. Jeff Platon
Vice President of Cisco Security and Application Market Management
Email: jplaton at cisco.com

Mr. Joel McFarland
Senior Manager of the Cisco Security Technology Group
Email: jmcfarla at cisco.com

Mr. Pete Davis
Product Line Manager for Cisco Remote Access VPNs
Email: pdavis at cisco.com

-------------------------------------------------------------

Key Cisco Website Links from this new article.

Cisco Security Management Suite:

http://www.cisco.com/en/US/netsol/ns647/networking_solutions_package.html

Cisco ASA 5500 Series Adaptive Security Appliances:

http://www.cisco.com/en/US/products/ps6120/index.html

Cisco Adaptive Security Device Manager:

http://www.cisco.com/en/US/products/ps6121/index.html

-------------------------------------------------------------

Hope this helps.

Brad Reese
Cisco Repair
http://www.bradreese.com/cisco-big-iron-repair.htm

Re: Firewall Policy Mgt?

on 15.06.2006 21:26:00 by Gunther

hey, everything is helpful, much appreciated! -G

Re: Firewall Policy Mgt?

on 19.06.2006 16:29:35 by znud

Try Stonewall Networks. Not as fancy GUI as Solsoft and not the
portfolio of devices that they support but much better UI and scale.
Hope this helps, we use it at our MSP. -Mike

Re: Firewall Policy Mgt?

on 19.06.2006 21:54:13 by Gunther

Thanks again. We'll try anything. The point solutions do not seem to
work as we hoped, so thanks to all. -G

Re: Firewall Policy

on 31.03.2008 20:39:01 by Jens Hoffmann

> (1) What will be size of the firewall policy for an enterprise
> network.

Depends on the needs of the specific enterprise.
Can be between 1 or 2 rules to hundreds of rules and a couple of firewalls
with different rules each.

> (2) What rules in general contain in the rule set i.e., accept. or
> deny

A sensible decision would be to deny any communication which is not
explicitly allowed and wanted.

> (3) What are rules which are at the top of the rule set and which one
> are the end of the rule set,

You are implying a precedence in ordering the rules, which might not
be present in all firewalls.

> (4) and why the rules at the bottom of the ruleset have the lowest
> priority than the rules at the top of the ruleset.

Many firewalls only process the rules top to bottom until they
find a match and then stop processing.

Again, this might not be true for all firewalls.

I personally like: ISBN-13: 978-0201634662 as an introductory book.

Cheers,
Jens
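
The reply above describes first-match, top-to-bottom rule processing with everything else denied. The following sketch is an added example, not part of the original post and not any vendor's code: it evaluates packets against an ordered rule list with an implicit default deny, and goes one step further by flagging rules that can never fire because a single earlier rule already covers them. The rule names, addresses and the `Rule` layout are constructed for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    action: str           # "accept" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    port: Optional[int]   # None means any port

# Constructed sample policy (documentation/private ranges, not a real device).
POLICY = [
    Rule("web-in",    "accept", "0.0.0.0/0",   "192.0.2.10/32", 443),
    Rule("block-lab", "deny",   "10.9.0.0/16", "192.0.2.0/24",  None),
    Rule("lab-ssh",   "accept", "10.9.1.0/24", "192.0.2.20/32", 22),   # never reached
    Rule("admin-ssh", "accept", "10.1.0.0/24", "192.0.2.20/32", 22),
]

def matches(rule, src, dst, port):
    return (ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst)
            and rule.port in (None, port))

def evaluate(policy, src, dst, port):
    """First match wins; anything unmatched falls to the implicit default deny."""
    for rule in policy:
        if matches(rule, src, dst, port):
            return rule.action, rule.name
    return "deny", "default-deny"

def covers(earlier, later):
    """True if every packet matching `later` would already match `earlier`."""
    return (ip_network(later.src).subnet_of(ip_network(earlier.src))
            and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
            and earlier.port in (None, later.port))

def shadowed(policy):
    """Pairs (rule, covering_rule) for rules fully covered by one earlier rule."""
    found = []
    for i, later in enumerate(policy):
        for earlier in policy[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found
```

On a firewall that does not use first-match ordering, as the reply cautions, the shadowing check does not apply as written.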