Hey all,
Currently I have (4) smartcenters managing (4) different
firewalls/networks. These networks are totally isolated from one
another by a router outside the firewalls. I'd like to upgrade to NGX
in next 6 months or so but, the nokia's I have won't run NGX and I don't
have money for 4 new firewalls. I was hoping to decommission 3
smartcenters and build them as splat enforcement points. That way I
only need to buy one more server. It would also be nice to have all the
logs in one smartcenter.
I took one of the smartcenters today and made a new policy but I was
still able to see all the objects from the old policy. Is there a way
to have one smartcenter manage multiple enforcement points with
different rulebases but "agency 1" not to be able to see the objects
from "agency 2-4" when they look at their policy.
I also thought about limiting the user's abilities to Tracker. That way
they couldn't see the rules at all. Who knows what kind of political
nightmare that might stir up though?
TIA
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
