Hi everyone, I have a question regarding managing policies among multiple sets of firewalls. I don't know what the industry standard / best practice is for managing rules among multiple devices.
Currently our office has an SRX cluster, site A has an edge SRX cluster and core SRX cluster, and site B has an edge SRX cluster and core SRX cluster. The edge SRX clusters generally interface with border routers or providers directly, IPsec, DMZ and any outbound 3rd party web filter redirects etc. The core SRX clusters handle firewalling between our different environments: separating search engines, databases, web servers, etc.

I don't know what the best way to manage the firewall rules is between these sites. I don't think it's sustainable to write the same rule on site A core, site A edge, site B edge, site B core. And then managing the address book entries on every device also becomes a hassle, making sure it's all synchronized etc. Is there a better method of doing this?

I don't even want to think about what happens if I want traffic from the office to route through site A in order to reach site B in the event of a VPN issue between the office and site B directly. Is there a good method for keeping these things managed, like only having the edge firewall for site A manage incoming connections, and letting the other sites' edge firewalls deal with site A's outgoing connections, etc?

I'm a mess. If we add two more sites my head might explode.

Morgan

_______________________________________________
juniper-nsp mailing list
juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp