Standalone advantages:
The management station can go down for backup or imaging and the firewall keeps right on working. My management is on Windows 2000 server and I routinely image it every two weeks. I can restore the image to any Intel hardware and make it work. I have sevearl backup images so I can go back and restore any part, like the CA, that I would need. I've never had to do it, though.
If it's all on one box, you have to tamper with the firewall if there is a management problem. Lose the firewall and you have lost all of your rules and objects and have to pray that your script-generated backups are good. You'll need to rebuild the gateway, patch it up and restore the backups, a time-consuming process. I just lost an IP120 due to a hard drive failure. We put the new one in, upgraded IPSO (downgraded from 3.8, actually), pushed the policy from the separate management station and we were back up in an hour from when we took it out of the box.
Logs are stored on the management station, reducing the workload, memory needs and disk space usage on the firewall.
If you're using Windows, you can have the GUI clients installed on it as well for convenience.
It's quite a bit more fault-tolerant as far as I'm concerned,
Ray
From: Alexander Simbun <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [FW-1] Deployement type Date: Sat, 27 Nov 2004 11:50:55 +0800
Hi, Just a general question about firewall deployment, what are advantages between standalone and distributed deployment for a firewall in a network?
Regards, Alex Simbun
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
