I know how CheckPoint's Firewall-1 handles routers, but am unaware of other
software.  CheckPoint's Firewall-1 speaks to Cisco, Bay Networks, and 3Com
for sure...perhaps others.  Within the Firewall-1 management GUI, you can
simply define rules as you would for Firewall-1 and choose the appropriate
router in the field for where the rule will be installed.  The router in
question must be defined as a network object, of course (as with anything
with which Firewall-1 interacts, controls or protects).

The FW-1 management module will actually telnet to the router and enter the
commands to create the appropriate ACLs, just as you would do manually.  No
user interaction is necessary, and this becomes increasingly useful as an
enterprise gets larger with more and more routers and firewalls to manage.

What's really cool about this feature is the FW-1 management module can
also download the current ACL configuration of a router.  Using this
feature, you can quite simply pull down the ACLs from a Bay (for example)
into the FW-1 GUI ruleset and immediately push that same configuration down
to a 3Com or Cisco.  Less than a minute or two and you've duplicated the
configuration across different routers without having to know the router
commands yourself.

