We'll that's not exactly what I am looking for. I can generate my rules
easily by hand, I need something that non-technical, policy-oriented people
can look at and see what is going on. As well as something to manage
changes. FW-Builder is a nice little tool but it is not what I am looking
for.
I will give Solsoft a try (I requested an evaluation) and let you all know
what are the results. On paper it appears that it does what I want.
Thanks for those who responded, on and off list.
Simon Thibaudeau
* simon.thibaudeau@loto-quebec.com
Thibaudeau Simon wrote:
We have a few PIXs that we currently manage by hand, saving
configs on
a TFTP and trying to keep up with the changes the best we can. We
bought Cisco's Firewall Management Console extension for CiscoWorks
and it does not do a very good job at keeping the configs
clean, much
like PDM is pretty crap at it too. Also the Firewall MC is
terrible in
terms of performance and change management. I wondered if
any of you
knew of a better solution to manage PIXs. Something in which a
security officer would be able to visualize the config easily (a la
PDM without all the changes and perverse effects it does)
as well as
keeping tabs on the changes that are made to the config. I
have read
here people talking about piping the config in a CVS and work from
there, that would work but also require an amount of coding
time that
I might not have (also the fact that I have never worked
with a CVS.)
Eventually we would like to have a change autorisation/validation
procedure that might be integrated too.
Is there any integrated solution that might do what I want?
Is there
any tools that might help me getting what I want?
you can try firewall builder using the pix addon module
(which you'll have to pay for) and generate configs for your
firewalls using a graphical interface which is very intuitive
(it resembles smartdashboard from checkpoint)
hth,
sin
