Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

ISG management

Posted on 2009-07-05
3
Medium Priority
?
234 Views
Last Modified: 2013-11-16
I have around 10 remote site with 10 firewalls to apply management for all f/w which is better from the following:
1- manage from the assigned IP for the trust zone
2- advertising a management x.x.x.x/30 subnets in all routers for managing f/w
0
Comment
Question by:paintco
  • 2
3 Comments
 
LVL 18

Accepted Solution

by:
deimark earned 1500 total points
ID: 24781357
Option 1 will mean that all access will need to come from the trust side, ie no remote mgmt, you will need to be either within the LAN or VPNed in.

Option 2 is possible but it a pain to manage, ie if any network changes take place, its a lot of work to manually update all of them.

Have you considered using mgmt software, ie Network and Security Manager (NSM)?  NSM comes into its own when you have around 10 devices to manage and especially if they are all ISGs, the size of your network seems to warrant it.

However, I would go for option 1 but with a secondary option of SSH open on untrust interface using a different manage-ip and also incorporate manager-ip to limit the access to a set of specific hosts.
0
 

Author Comment

by:paintco
ID: 24781390
sorry can you explain the last paragraph in more detail.
and also those 10 appliances some are ISG 1000 and some is SSG 350M
I'm looking for the best way to manage without purchasing the NSM
0
 
LVL 18

Assisted Solution

by:deimark
deimark earned 1500 total points
ID: 24781628
The manage-ip is an extra IP on the interface that you use to connect to via web, ssh, ssl etc, all configured under the service options.

This manes that you can manage the box using a different IP from the actual interface IP.

The manager-ip is the IP address of known and trusted hosts that you want to be able to manage the box from.

This works on all screenos devices, so the ISG and SSG makes no difference at all here.

Have a look at www.junper.net/techpubs and drill down into screenos for the versions you are running.  The admin guide will shed some more light on the details here, but the essence is above.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question