Distributed offices and fast bandwidth have pushed the corporate network perimeter out into the Internet and into employees' homes. Your company's security policy might require the use of hardware devices such as broadband routers, personal firewalls, or host-based firewall software to protect remote portals into your corporate network. Some proactive companies even specify or purchase these security measures for employees. However, many employees don't realize the importance of properly configuring and maintaining these security devices, and a misconfigured or unpatched home firewall is only a nominal barrier.
Most firewall vendors offer software to remotely maintain, monitor, and manage distributed firewalls. SonicWALL's Global Management System (GMS) Standard Edition 2.2 differs from the competition because it lets you centrally manage any SonicWALL security appliance, from the company's enterprise-class firewall down to its entry-level TELE3 firewall, which SonicWALL markets to telecommuters. Although GMS manages only SonicWALL devices, its functionality is useful. Other vendors should consider providing centralized management (or even cross-vendor interoperability) of their low-end security appliances as well.
Keeping Tabs on Your Remote Firewalls
GMS eases end users' configuration responsibilities by centralizing the configuration, logging, reporting, registration, and subscription upgrades of SonicWALL products. In addition, IT staff can perform most security-appliance maintenance from the central console; you still need direct access to the appliance to perform initial configuration of the interfaces (e.g., setting the IP address) and to use some diagnostic tools. GMS supports template files, which speed up the repeat setup of multiple firewall devices and help ensure that every remote unit receives the same policy.
GMS typically uses a two-tiered approach. Network agents gather information from the SonicWALL appliances, and a GMS console collects the information from these agents and stores it in a central database. You can point multiple appliances at one agent, and multiple agents can report to the console. For small installations, you can use a one-tier model in which the remote firewalls communicate directly with the console.
Viewing a Sample Topology
Figure 1, page 48, shows a basic topology that uses GMS to manage a distributed network. In this example, the GMS console and database are on the same computer at corporate headquarters (for the best performance, SonicWALL recommends installing the console and database on separate machines). The GMS console communicates with a SonicWALL PRO 300 firewall on the LAN; this firewall serves as the Internet gateway for the corporate network. A SonicWALL TELE3 firewall at a telecommuter's home connects to the corporate network through the SonicWALL VPN. The GMS platform lets the corporate IT staff centrally manage settings and monitor logs and events for each SonicWALL appliance. Table 1, page 48, summarizes the units used in this basic environment as well as the estimated prices.
Installing GMS
The GMS platform lets you manage thousands of SonicWALL devices from one location. This system costs substantially more to deploy than simpler broadband routers, but the level of security and the features are on par with enterprise systems often seen in large corporate offices. GMS supports Sun Microsystems' Solaris 8, Windows XP Professional, Windows 2000, and Windows NT 4.0 Service Pack 4 (SP4) and later and requires a database (the product supports both Oracle's Oracle9i 1.6 Standard Edition and Microsoft SQL Server 2000 SP2).
Setup and documentation of the SonicWALL firewall devices are excellent. The setup wizards support various configurations, from basic Network Address Translation (NAT) to a more complex demilitarized zone (DMZ) with one-to-one NAT, and walk you through your particular scenario in a logical order. The online documentation includes hyperlinks for technical terms that point to a glossary to help less-experienced users. The print documentation for these devices is well organized and explains in detail all the features of the SonicWALL appliances.