Firewall Wizards mailing list archives

Re: Firewall Placement Question


From: firewallwizards () kajtek org
Date: Fri, 22 Feb 2008 00:00:01 -0600 (CST)

I wonder about the labor required to pull this off for almost 200 servers
(and Microsoft applications are a bitch).  I fear it will be hell to
manage all the exceptions, i.e. one user in a different building needs
access to a few administrative ports.  Not to mention that after it's done
we'll spend days trying to work out the bugs of things that 'should just
work' and effects of application upgrades that change ports.

You need to talk to your peers at other universities of similar size. I 
used to admin a firewall for a similar sized institution (judging by the 
200 servers number), but they treated the inside of their network as a hostile 
environment, and required people to yield control and use the internal 
firewall, arm themselves, or wait and suffer without complaining.

There were two firewalls, one took care of external links, plus internet 
related DMZs, the other protected ERP, cash, library systems, and whatever 
offices requested separation from the wide open inside, and agreed to be 
bound by the standard policy and SALs.

--
Marcin Antkiewicz
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

