[c-nsp] Hardware for 'managed firewall'
Ryan West
rwest at zyedge.com
Wed Sep 30 23:09:43 EDT 2009
Great stuff Ge. Thanks for the valuable framework.
-ryan
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ge Moua
Sent: Wednesday, September 30, 2009 10:39 PM
To: Scott Granados
Cc: Cisco NSP ((E-mail))'
Subject: Re: [c-nsp] Hardware for 'managed firewall'
we have about 25 production FWSMs on our campus with the 250-context
license per blade; if you do the math we can spin up theoretically 6,250
virtual firewalls; as such we do use standardize policy templates in
order to centralize the production firewall environment; drawback with
this is that using standard policy templates does not allow for super
granular ruleset; most customers are ok with this; others just choose to
write their own policies; we also offer both options of the ASDM gui &
IOS clie; many customers do prefer the ASDM gui.
See following URL for our standard firewall policy templates; nothing
really NDA or proprietary; just a lot time between 10 or so firewall and
security SMEs who tried to put together a comprehensive base security
policy template; you can pretty much copy & paste this into a running
cisco firewall and you're set to go:
https://netfiles.umn.edu/users/moua0100/UMN_CENTRAL_FIREWALL_SERVICE/
Regards,
Ge Moua | Email: moua0100 at umn.edu
Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
Scott Granados wrote:
> GUI is for the weak!
> ----- Original Message ----- From: "David Hughes" <david at hughes.com.au>
> To: "Justin Shore" <justin at justinshore.com>
> Cc: "Cisco NSP ((E-mail))'" <cisco-nsp at puck.nether.net>
> Sent: Wednesday, September 30, 2009 5:02 PM
> Subject: Re: [c-nsp] Hardware for 'managed firewall'
>
>
>>
>> On 30/09/2009, at 11:06 PM, Justin Shore wrote:
>>
>>> You should really take a look at the new ADSM releases for the
>>> FWSMs. It's actually pretty good. You have full control of all
>>> contexts if you aim ADSM at the admin context. Of course I never
>>> use the GUI anyway so what does that matter?
>>
>> My focus has been on centralised policy management for many hundreds
>> of contexts. Each context must inherit standard ACL entries for our
>> monitoring or backup systems etc. Don't care about GUI based
>> management per se.
>>
>>
>>> We supply crypto in our 7600s for the data center with SSC-400 2G
>>> IPSec SPAs. Now if you want to talk about a funky LC, let's talk
>>> about those damn things.
>>
>> Sounds ugly. As they say in the classics - "Good luck with that
>> one" :)
>>
>>
>> David
>> ...
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list