[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

ISG management

Posted on 2009-07-05
3
Medium Priority
?
236 Views
Last Modified: 2013-11-16
I have around 10 remote site with 10 firewalls to apply management for all f/w which is better from the following:
1- manage from the assigned IP for the trust zone
2- advertising a management x.x.x.x/30 subnets in all routers for managing f/w
0
Comment
Question by:paintco
  • 2
3 Comments
 
LVL 18

Accepted Solution

by:
deimark earned 1500 total points
ID: 24781357
Option 1 will mean that all access will need to come from the trust side, ie no remote mgmt, you will need to be either within the LAN or VPNed in.

Option 2 is possible but it a pain to manage, ie if any network changes take place, its a lot of work to manually update all of them.

Have you considered using mgmt software, ie Network and Security Manager (NSM)?  NSM comes into its own when you have around 10 devices to manage and especially if they are all ISGs, the size of your network seems to warrant it.

However, I would go for option 1 but with a secondary option of SSH open on untrust interface using a different manage-ip and also incorporate manager-ip to limit the access to a set of specific hosts.
0
 

Author Comment

by:paintco
ID: 24781390
sorry can you explain the last paragraph in more detail.
and also those 10 appliances some are ISG 1000 and some is SSG 350M
I'm looking for the best way to manage without purchasing the NSM
0
 
LVL 18

Assisted Solution

by:deimark
deimark earned 1500 total points
ID: 24781628
The manage-ip is an extra IP on the interface that you use to connect to via web, ssh, ssl etc, all configured under the service options.

This manes that you can manage the box using a different IP from the actual interface IP.

The manager-ip is the IP address of known and trusted hosts that you want to be able to manage the box from.

This works on all screenos devices, so the ISG and SSG makes no difference at all here.

Have a look at www.junper.net/techpubs and drill down into screenos for the versions you are running.  The admin guide will shed some more light on the details here, but the essence is above.
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question