
PIX management

buyer asked:
We are looking to get into management of PIX firewalls. Is there anything that can do remote (external) management of multiple PIX firewalls? I know they were working on something to compete with Checkpoint (Policy Manager) on but I don't know.

Commented:
The Cisco Secure Policy Manager is about as close as they come, but the weakness of the PIX has always been in distributed management.
Les Moore, Sr. Systems Engineer
CERTIFIED EXPERT
Top Expert 2008

Commented:
PIX Device Manager (PDM) is a Java-based GUI for PIX version 6.x. It uses SSL and encryption, so you can administer it remotely. If you have SmartNet, this is a free option.

Author

Commented:
lrmoore, do you know if device manager will allow you to configure all rules and anything that you can do at the command line? I also need to be able to push policies.
Les Moore, Sr. Systems Engineer
CERTIFIED EXPERT
Top Expert 2008

Commented:
You can do almost everything from the PDM, except manage VPNs/IPsec and access-lists assigned to nat 0. For anything that does not have a GUI, there is a command line capability through the Java interface. It lets you review all changes before writing them. Pretty cool graphs and charts available, too.

However, you cannot push policies. For that you would need the CSPM software (big $$ -- an unrestricted license is $15,000 list). If your business model is to manage other clients' PIX firewalls, then this could be a justifiable expense. Adding managed IDS sensors as an added value to the client side would be easier if you already have CSPM.

Author

Commented:
lrmoore, so what's the difference between Device Mgr and Policy Manager? Can Policy Mgr do everything that Device Mgr can do, or do I have to use both if I were to remotely manage a bunch of PIXes? I have also run across a product from Solsoft (www.solsoft.com) that can do management (doesn't look like it can do VPN stuff though). Do you know anything about this product? Thanks.
Sr. Systems Engineer
CERTIFIED EXPERT
Top Expert 2008
Commented:
I don't know anything about the Solsoft product, but their marketing says that it manages PIX. Any idea what it costs?

PDM is a graphical user interface that runs on the PIX itself and only allows you to access and manage that one box.

Cisco Secure Policy Manager runs on a server and can be used to manage multiple PIX firewalls, router IOS firewalls, VPNs, and Intrusion Detection Sensors. It can dynamically block or shun intrusive traffic based on IDS signatures and push policies to multiple devices at once. It is truly a management platform for multiple devices.

Author

Commented:
Cool, I'm downloading a 90 day trial right now. Version 2.3.1 I think. I see that version 3 is out but don't see any downloads for that version yet. I don't know how much the Solsoft product is. Probably less than the Cisco stuff though. One of your guys here tried it and said it was pretty good. After I try the Cisco stuff I'll call Solsoft and get a demo. Thanks for the help.
