> -----Original Message-----
> From: Bill McGee [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 18, 2001 7:51 AM
> To: safieradam; Ben Nagy; 'Michael Janke'; [EMAIL PROTECTED]
> Subject: Re: More PIX vs. Firewall-1. Comments welcome.
>
>
> BTW, The Cisco Secure Policy Manager will allow you to manage
> up to 500 PIX
> firewalls from a single GUI management interface, as well as
> VPNs, IDS, and
> more. Not sure why people keep harping on the one-at-a-time
> management
> issue for the PIX, as we've had this covered for some time now.
Probably because it's not well known that CSPM can do this? Tell me more.
Can you track config differences between all firewalls? Can you roll out an
ACL policy that will automatically guess the right values ($INSIDE_NETWORK,
$OUTSIDE_NAT_MAPPING_1 etc) and apply on all firewalls? Can you access
everything that is configurable from the CLI (sysopt stuff, particularly)?
Will it do change control on a proactive basis (Firewall 52 has changed
config! Reset to archived config?)
Note that I'm not asking these questions in comparison to any commercial
software I've seen, they're just some things that I think a tool like this
should be able to do.
> At 06:03 PM 9/17/2001 -0400, safieradam wrote:
> >Ben makes good points about centralized management.
Strictly speaking, the only point I was making is that I didn't _know_ if
the rumours about a tool like CSPM were true. Oh, and that centralised
management was going to be important for a network that size.
Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
