Re: [Fwbuilder-discussion] Management of 250 identical firewalls

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Jul 17, 2006, at 10:09 AM, Alexander Runge wrote:

> Henrik Woffinden wrote:
>> Hi,
>>
>> Is it possible to have manage 1 set of rules for 250 firewalls?
>> They have individual IP-adresses, but the same rules.
>>
>> If a rule is changed it must be done on all. And how do I install  
>> on all
>> without having to do the operation 250 times?
>>
>> Of course there will be 250 times setup with IP's, but I want  
>> management
>> to be easy.
>>
>
> Support for multiple installations by pressing one button is
> scheduled for release 2.1 -- at least as long as the login
> credentials are the same on all machines (or if you use
> public key auth).
>

yes, and you can try it using 2.1beta packages released recently.

However I do not think the bulk compile/install implemented in 2.1  
will fit the requirements. The new feature only affects the way you  
compile and install policy, but you still need 250 separate firewall  
objects, each of them having its own independent rule set.

It may be better to create one firewall object and mark all its  
interfaces as "dynamic", then build rules using firewall and  
interface  objects rather than their addresses if necessary. The  
compiler will generate script which will determine IP address of  
firewall's interfaces dynamically at a start time and will work on  
any of the 250 firewalls. You will need to script installation and  
activation on all these firewall machines yourself.
--vk

>
> Hth, Alex!!
>
>
> P.S.: I curious, what kind of setup would that be where you
> have identical rulesets on 250 machines?
>
>
> ---------------------------------------------------------------------- 
> ---
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Fwbuilder-discussion mailing list
> Fwb...@li...
> https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion
>
>
> !DSPAM:44bbc48916261166927923!
>