Anyone else running Cisco [Firewalls] in larger networks?
16 years 4 months ago #26664
by Hyaloid
Dear firewall / network admins,
How do you enforce global standards throughout your company?
Enforcing an initial device standard is of course no problem, but over the years your standard will always change.
Doing device-by-device management for quite a few years, I really have to admit that I tend to forget some devices, which then get outdated.
Like our small two-man office in Kuwait: I simply forget that we have it, and the firewall rules aren't updated with the latest shun list or allowing the latest company product (no offence to people from Kuwait).
With a hectic day you always tend to get disturbed when doing the updates, and I forget to update them all.
When I talk to people in the same business, they seem to have the same challenges.
Anyone out there with good routines for enforcing this? I can't use the same access-lists in all offices since they all have local exceptions.
I've tried using Cisco Security Manager (also the latest 3.2 SP2). The Cisco sales people say they don't understand my problem, stating that this is what CSM is made for. How can you manage a firewall with 2000+ lines of access-lists in the CSM views?
It's so darn messy that I always fall back to using the CLI and simply grep the rules for what I'm looking for, like "sh access-list acl_inbound | in 195.10.90.5", instead.
Anyone using CSM to enforce policies in larger networks?
What are your views on CSM? Also, does anyone have any good alternatives to CSM?
(Yeah, I envy the Checkpoint guys for the GUI, but I don't envy them the effective rulesets the admins tend to produce. Go figure.)
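The problem described in the post (a global baseline that every office must carry, plus per-office exceptions, plus an admin who greps the CLI for an address) is a fleet-audit job rather than a GUI job. The following is an added example, not code from the poster or from Cisco Security Manager: it parses ASA access-list lines in `show running-config access-list` form, reports which baseline rules each device is missing, and answers the `sh access-list acl_inbound | in 195.10.90.5` question in a subnet-aware way, so a rule written as a /16 that covers the host is found even though the literal string is absent. The hostnames, addresses, ACL name and baseline rules are all constructed for the example.

```python
"""Audit a fleet of Cisco ASA access-lists against a global baseline.

Added example; device configs, hostnames and baseline are constructed.
"""
import ipaddress
import re

# Constructed sample configs (hypothetical hostnames and addresses), in
# 'show running-config access-list' form rather than 'show access-list'.
DEVICE_ACLS = {
    "fw-hq": """
access-list acl_inbound extended deny ip host 203.0.113.10 any
access-list acl_inbound extended deny ip 198.51.100.0 255.255.255.0 any
access-list acl_inbound extended permit tcp any host 192.0.2.80 eq www
access-list acl_inbound extended permit ip 195.10.0.0 255.255.0.0 host 192.0.2.25
""",
    "fw-kuwait": """
access-list acl_inbound extended deny ip host 203.0.113.10 any
access-list acl_inbound extended permit tcp any host 192.0.2.80 eq www
access-list acl_inbound extended permit tcp host 195.10.90.5 any eq 3389
""",
}

# Assumed global baseline: shun entries plus the company product's port.
# Every office must carry these; anything else on a device is a local exception.
BASELINE = [
    "deny ip host 203.0.113.10 any",
    "deny ip 198.51.100.0 255.255.255.0 any",
    "permit tcp any host 192.0.2.80 eq www",
]

ACE_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+(.+)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_aces(config_text):
    """Return (acl_name, ace) tuples with whitespace normalized."""
    aces = []
    for line in config_text.splitlines():
        m = ACE_RE.match(line.strip())
        if m:
            aces.append((m.group(1), " ".join(m.group(2).split())))
    return aces


def missing_baseline(config_text, acl_name="acl_inbound"):
    """Baseline rules absent from the named ACL, in baseline order."""
    present = {ace for name, ace in parse_aces(config_text) if name == acl_name}
    return [rule for rule in BASELINE if rule not in present]


def networks_in(ace):
    """Networks an ACE references: 'host A' -> A/32, 'A MASK' -> A/MASK.
    'any' is deliberately skipped so a search does not match every rule."""
    toks = ace.split()
    nets, i = [], 0
    while i < len(toks):
        t = toks[i]
        if t == "host" and i + 1 < len(toks) and IPV4_RE.match(toks[i + 1]):
            nets.append(ipaddress.ip_network(toks[i + 1] + "/32"))
            i += 2
        elif IPV4_RE.match(t) and i + 1 < len(toks) and IPV4_RE.match(toks[i + 1]):
            nets.append(ipaddress.ip_network(f"{t}/{toks[i + 1]}", strict=False))
            i += 2
        else:
            i += 1
    return nets


def rules_touching(config_text, address):
    """ACEs whose host or subnet covers 'address'. Unlike a literal
    '| in 195.10.90.5' grep this also finds a /16 that contains the host."""
    target = ipaddress.ip_address(address)
    return [ace for _, ace in parse_aces(config_text)
            if any(target in net for net in networks_in(ace))]


def audit(devices):
    """Map hostname -> list of missing baseline rules (empty list = compliant)."""
    return {host: missing_baseline(cfg) for host, cfg in devices.items()}


if __name__ == "__main__":
    for host, missing in audit(DEVICE_ACLS).items():
        print(f"{host}: {'OK' if not missing else 'MISSING ' + '; '.join(missing)}")
    for host, cfg in DEVICE_ACLS.items():
        for ace in rules_touching(cfg, "195.10.90.5"):
            print(f"{host}: {ace}")
```

In practice the config text would come from a nightly pull of each device (expect, RANCID or a similar config collector), and the script runs as a cron job that mails the list of offices whose ACL lacks a baseline entry; local exceptions are never flagged because the check only asks whether each baseline rule is present, not whether extra rules exist. Object-group references and `any4`/`any6` are not handled here and would need a resolver step before the subnet match.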