As my organization grows and we're adding more sites, more complicated data center networking, and more data center firewalls, I sometimes find myself wondering whether I should look towards unifying firewall policies either at the geographic level or just for like-purpose sites globally, rather than have site-specific firewall policies. My firewall vendor (Check Point) always demos a single unified policy with inline layers for branch offices, and that approach seems to nicely abstract the underlying networking, but some consultants warn me against it due to complexity which I'm not sure I understand.
How do you folks handle unified firewall policies? Do you do it? If you do, how have you chosen to unify them? If you don't unify sites, why not?
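To make the "single policy with inline layers" idea concrete, here is an added illustration (not Check Point's code and not from the original post) that models a global top-level layer handing traffic off to per-site inline layers, and then runs the check that the "complexity" warning usually boils down to: rules that can never match because an earlier rule, possibly in a parent layer, already covers them. The layer semantics (first match wins, a hand-off rule is terminal for the traffic it matches, each layer has its own implicit cleanup action) are a deliberate simplification and an assumption; the subnets and rule names are constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    src: str            # source CIDR
    dst: str            # destination CIDR
    port: Optional[int]  # None means any port
    action: str         # "accept", "drop" or "layer:<name>" (hand off to an inline layer)

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and (self.port is None or self.port == port))


@dataclass
class Layer:
    name: str
    rules: List[Rule]
    implicit: str = "drop"  # cleanup action when nothing in the layer matches


class Policy:
    """A top-level layer plus the inline layers it can hand off to (simplified model)."""

    def __init__(self, top: Layer, inline: List[Layer]):
        self.top = top
        self.layers = {layer.name: layer for layer in inline}

    def evaluate(self, src: str, dst: str, port: int) -> Tuple[str, List[str]]:
        """First-match evaluation; returns the final action and the rules visited."""
        trace: List[str] = []
        layer = self.top
        while True:
            for rule in layer.rules:
                if rule.matches(src, dst, port):
                    trace.append(f"{layer.name}/{rule.name}")
                    if rule.action.startswith("layer:"):
                        layer = self.layers[rule.action.split(":", 1)[1]]
                        break  # continue matching inside the inline layer
                    return rule.action, trace
            else:
                trace.append(f"{layer.name}/implicit")
                return layer.implicit, trace


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matching `inner` would already have matched `outer`."""
    return (ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and (outer.port is None or outer.port == inner.port))


def shadowed_rules(policy: Policy) -> List[Tuple[str, str]]:
    """Find rules that can never match, including rules in an inline layer that a
    parent-layer rule above the hand-off already decides. Returns (shadowed, by) pairs."""
    findings: List[Tuple[str, str]] = []

    def scan(layer: Layer, preceding: List[Tuple[str, Rule]]) -> None:
        seen = list(preceding)
        for rule in layer.rules:
            for owner, earlier in seen:
                if covers(earlier, rule):
                    findings.append((f"{layer.name}/{rule.name}", f"{owner}/{earlier.name}"))
                    break
            if rule.action.startswith("layer:"):
                scan(policy.layers[rule.action.split(":", 1)[1]], seen)
            seen.append((layer.name, rule))

    scan(policy.top, [])
    return findings


# Constructed sample policy: one global layer, two branch-office inline layers.
GLOBAL = Layer("global", [
    Rule("block-telnet", "0.0.0.0/0", "0.0.0.0/0", 23, "drop"),
    Rule("to-site-a", "10.1.0.0/16", "0.0.0.0/0", None, "layer:site-a"),
    Rule("to-site-b", "10.2.0.0/16", "0.0.0.0/0", None, "layer:site-b"),
])
SITE_A = Layer("site-a", [
    Rule("a-https", "10.1.0.0/16", "10.100.0.0/24", 443, "accept"),
    Rule("a-telnet-legacy", "10.1.10.0/24", "10.100.0.0/24", 23, "accept"),  # dead: global drops 23 first
])
SITE_B = Layer("site-b", [
    Rule("b-https", "10.2.0.0/16", "10.100.0.0/24", 443, "accept"),
    Rule("b-https-dup", "10.2.5.0/24", "10.100.0.0/24", 443, "accept"),  # dead: covered by b-https
])
POLICY = Policy(GLOBAL, [SITE_A, SITE_B])

if __name__ == "__main__":
    print(POLICY.evaluate("10.1.10.5", "10.100.0.10", 23))
    print(POLICY.evaluate("10.1.10.5", "10.100.0.10", 443))
    for dead, by in shadowed_rules(POLICY):
        print(f"{dead} is shadowed by {by}")
```

The point of the shadowing scan is that a site administrator reading only the `site-a` layer would believe `a-telnet-legacy` is live, while the global layer silently decides that traffic first; that cross-layer dependency is the kind of complexity a unified policy introduces, and a check like this one belongs in whatever review process accompanies it.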