1 Reply Latest reply on May 12, 2011 12:35 PM by RRMX

    Smart way to create and manage Firewall policies / rules in multiple remote sites?

      Hello everybody,

      I plan to use HIPS + FW for my remote DCs. But I can't figure out how to solve this problem:

      Theoretically, at a remote site there are 20 PCs + DC. I want to control and manage Windows RPC actions (Port 137-139) between these machines. I plan to create a rule like: only allow RPC traffic from the local site (x.x.x.x network).

      IMO the simplest way to do that is to create a policy for each remote site and assign it to its site. But that means a lot of policies, and I want to create and manage the minimum number of firewall policies and rules.

      Is there a better and smarter way to do that with the minimum number of policies?

      Thank you anyway.

        • 1. Re: Smart way to create and manage Firewall policies / rules in multiple remote sites?
          RRMX

          I can think of a couple of options off the top of my head:

          • You can add all of your DCs into a single Trusted Networks policy, and then create one Firewall Rules policy that includes a rule that allows all IP from Trusted...
          • But this depends on whether you want machines in location X to allow connections from the DCs in all the other locations.

          Or...

          • Create one Firewall Rules policy, and make a Connection-Aware Group for each location, then create a rule in each CAG that allows incoming connections from the proper DC.
          • Not sure how many locations you have though... this may be somewhat difficult to manage.

          Option A would be the easiest to manage I think, but option B would make it a bit more locked-down.
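To make the trade-off between the two options concrete, here is an added model (example code, not from the thread or from any HIPS product) that evaluates a port 137-139 connection under each design. It assumes two constructed sites with made-up subnets and DC addresses; option A treats every site's DC as Trusted for all traffic, while option B selects a per-site group by the host's own subnet and allows only that site's local network.

```python
import ipaddress

# Constructed sample sites: name -> (local subnet, that site's DC address).
SITES = {
    "siteA": (ipaddress.ip_network("10.1.0.0/24"), ipaddress.ip_address("10.1.0.10")),
    "siteB": (ipaddress.ip_network("10.2.0.0/24"), ipaddress.ip_address("10.2.0.10")),
}
NETBIOS_PORTS = range(137, 140)  # ports 137-139 named in the question


def site_of(host):
    """Return the site whose subnet contains the host.

    This is the Connection-Aware Group match in option B: the group a host
    falls into is decided by the network it is currently on.
    """
    ip = ipaddress.ip_address(host)
    for name, (subnet, _dc) in SITES.items():
        if ip in subnet:
            return name
    return None


def allowed_option_a(host, src, port):
    """Option A: every site's DC sits in one Trusted Networks list and a single
    rule allows all IP from Trusted, so a DC in any site reaches any host on
    any port; non-DC peers in the same site are not covered at all."""
    trusted = {dc for (_subnet, dc) in SITES.values()}
    return ipaddress.ip_address(src) in trusted


def allowed_option_b(host, src, port):
    """Option B: one Firewall Rules policy holding a CAG per site; the rule in
    the matched group allows ports 137-139 only from that site's own subnet
    (which contains its local DC), so cross-site DC traffic is dropped."""
    site = site_of(host)
    if site is None or port not in NETBIOS_PORTS:
        return False
    local_subnet, _dc = SITES[site]
    return ipaddress.ip_address(src) in local_subnet


def compare(host, src, port):
    """Side-by-side verdict (option A, option B) for one connection attempt."""
    return allowed_option_a(host, src, port), allowed_option_b(host, src, port)
```

Running compare("10.1.0.50", "10.2.0.10", 139) returns (True, False): the other site's DC is admitted under option A but blocked under option B, which is the "more locked-down" point made above.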