best way to manage gateway

[breakdan]

hi all,

which is (your opinion) best way to manage several gateway with one mgnt?

Is possible to have different policy to load in mgnt for some gateway and, if i need to change policy in other gateways, to open another file anche push policy to these ones?

If yes do you thing is better have a big policy rule with a lots of GW or have different policy smaller (some for GW A/B,E/F anche other for GW C/D,G/H)?

thk a lot and have nice day.

Dan

[RayPesek]

I think it's best to keep it simple to reduce the chance of making mistakes. I'd create a separate policy for each firewall, named in a distinct way so you don't accidentally modify the wrong one. Always set the "Install On" cell with the name of the firewall instead of using "policy targets". That will help keep you from editing the wrong one as well.

If you do try to push policy "A" to firewall "B", FW-1 will warn you that you are about to install a policy with a different name.

Ray

[rokudan]

I'd also recommend selecting installation targets specific to that policy.

In the policy for firewall1 go to the menu up top, Policy>Policy Installation Targets and add only firewall1 to the right side.

In the policy for firewall2 go to the menu up top, Policy>Policy Installation Targets and add only firewall2 to the right side.

etc etc...

[cciesec2006]

That's what we are doing at my current employment. We use a single
CMA to manage about 30 firewalls, 10 clusters and 10 singles, which works
out quite well so far.

[breakdan]

tnk a lot all for useful suggestions

Dan