Greetings!

Rowton, Mitchell wrote:
> Does anyone have any experience with large scale Checkpoint FW
> Implementation, over 100?

I assume >100 machines, scattered all over the country/world?
Well, not THAT many, but a number, yes...


> Would someone with this kind of experience mind talking to me
> about the architecture/support/staffing/etc... Offline or online?  I'm just
> looking to increase my comfort level with this before implementation.


Some points here (unstructured):

NEVER switch simultaneously. Else you won't be able to detect what
went wrong where.

Start slowly - only one change per day. Best, even slower. Then increase
speed. You'll need the time to detect faults and roll them back, quirks
in your routine, to get the specialists into a routine, etc.

Organization: ONE (in numbers: *1*) person/team who is in charge, who
can decide on go, no-go or back. And who has backing/order from high
company management to override local decisions (e.g. the common "now
would be not so good" just when the specialist arrived at the place as
agreed before). Don't forget to assign a substitute in case #1 gets ill.

Keep the central FW management(s) and customer UHDs updated on the
changes, delays. Always.

If you have a number of machines available (e.g. for replacement) - try
to make use of them. Prepare the replacements, ship them to the places,
let them be replaced, for tests and let the replaced ship back for the
next circle. This way you
        - reduce downtime (quite a bit)
        - can remotely handle quite a number of standard situations
        - have backup machines in/at place in case of won't-work

Important: do not only design a number of standard tests, but have
people/users (assigned) to do tests for you. Especially important ERP
systems tend to break because of well hidden dependencies - and standard
IT crew is not really able to check all its important modules. Organize
a testing plan for each and every location. The FW specialist must not
leave before everyone gave their O.K.

Schedule - but try to get as independent from other machine switches
as possible. There will be delays and unforeseen problems. Usually I'd
suggest: start with some small (& not as important) implementations to
flatten out kinks and get into the routine, then slowly switch main
nodes (to have some time left to finalizing date in case something went
wrong) and then roll out the remaining mass at ever-increasing routine
(i.e.: speed).


Bye

Volker Tanger
IT-Security Consulting

--
discon gmbh
Wrangelstraße 100
D-10997 Berlin

fon    +49 30 6104-3307
fax    +49 30 6104-3461

[EMAIL PROTECTED]
http://www.discon.de/
