I'm not deeply familiar w/ firewalls in general, and certainly none of the modern systems, but I'm participating in a PA rollout. Not particularly large, but a specific objective is to proceed "as scalably as possible", because this is also a POC for a future possible project that could be much larger.
Since this is fitting into greenfield infrastructure, it's easy and desirable to enforce consistency where ever possible.
It seems a great way to do that would be to lean heavily on the device groups and templates so that adding more sites is as repeatable as possible.
Are there any gotchas or caveats I should beware of? Are there inherent limitations about "you can only have x number of objects/policies in the 'shared' device group" or "template stacks are buggy and don't work 1/3 of the time" or anything else like that I should be aware of? Or should I take those features at face value and make use of them where they look like a good fit?
No comments:
Post a Comment