
Firewall Policy Best Practice

Hi,

Been looking around the knowledgebase but can't find quite what I'm looking for. I would like to know if there is a preferred structure for the firewall policies. Should you break down the firewall policies into different OS versions? Break it down further into different architectures, or do you just have one main firewall policy used by all OSes regardless of arch?

Thanks

  • Hello michael_84,

    As for Best Practice: The preferred way is from simple to granular (and this only when necessary). In general I'd make a distinction between XP and Windows 7 but not break down by SP or architecture (the math is easy: if you have 32 and 64 bit on both OSs, breaking down by architecture will double the number of policies).

    It depends on the settings and rules you use and on your group structure (if you have different sets of rules for different groups and whether in turn the groups contain a mix of OS versions). The predefined rules (wizard) work with all OS versions. As the executables are different you have different checksums but this does IMO not justify "splitting" the policies (of course if you have hundreds of different checksums for each OS version it will improve performance to include just the relevant ones).

    Christian
