Michael:

In my network, I have a single management server controlling numerous firewall clusters. Each cluster protects a different part of the network and therefore has different rules that it must enforce. For instance, some networks allow Citrix traffic to pass, while others only permit HTTP. I manage this with different rulebases and I set these up so that I can't accidentally install the wrong rulebase on the wrong firewall (I do this with the "install on" field in the policy).

To manage everything with one single rulebase would be a nightmare. By separating them out, I can quickly look at a single rulebase and have a complete understanding of what is going on in each portion of my network. Nice, clean, easy.

(Also, keep in mind that the longer your rulebase, the more overhead! You want a nice short rulebase with the most commonly accessed services at the beginning for the best performance).

Joel

At 09:37 AM 1/23/01 -0500, [EMAIL PROTECTED] wrote:
>Those of you who have a central management station and multiple
>firewalls, do you have one policy you push to all firewalls, or do you
>have separate policies for each firewall?
>
>A VAR of mine strongly suggests separate policies for each firewall.
>
>I've always been under the impression that a single policy should be
>able to be used for all firewalls.
>
>I'm looking for what the readers on this list do, and their opinions about
>it.
>
>Thanks a lot...
>
>Michael Breton
>Geiger
>(207) 755-2338
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================
