secure splat mgmt server

[dsb.nepo]

Hi all,

i would like to heare some meanings about relocate my splat mgmt from dedicated hw to ESX-Cluster.

The mgmt server is at the moment protected by the FW (direct connect with X-over cable). In case something happens the X-over can replaced with a small switch (one IP in the connect range has an entry in the gui-clients file).

If i relocate the mgmt into the ESX-Cluster i will loose this kind of protection but get all the benefits of the HA environment,with the advantage that other ESX-Admins can get (nearly phisical) access to the mgmt server.

My main question is about to protect the mgmt station with additional iptable, since the new network is also reachable for normal users.

Any suggestions/expirience ?

[chillyjim]

Why not just build out a new management network on the ESX for Check Point? Secure that and make sure the permission on the VM for the SmartCenter is locked down.

[dsb.nepo]

The comany was merged, every branch gets a limited IP space and the default routes at the network equipment are now pointed to mpls cloud.
The only networks without overlap is the ip range used for dmz networks.
mgmt network is also an overlap to important servers in the mpls cloud so i have to rebuild/reasign most everything.
Thanks for the tip, i will discuss to use one of the dmz networks as dedicated mgmt network at the ESX farm.