Hi Guys,
I have a request from a client where they are looking to set up a test environment (firewall) to be able to make changes on before having them applied to their live / production firewall. The catch is, they need to be able to have live data, or at least the same traffic, running through their test firewall to be able to see what impact their changes will make / have. The thought of VDOMs came up, but this would mean having two instances of firewalls running....
Does anyone have any ideas as to how I could set this up? If it even would be possible?
thanks,
theG
What's the business case for this? You're adding more work than is required, and the client seems to be leading this. You should review the policy, assess the risk, and have a policy change and backup plan.
To try to duplicate the traffic is just asking for more complexity. If they want to do it right, you would really define production and non-production (sandbox) sites and QA any changes on the non-production site before implementation into the prod network, and still maintain the earlier suggestion (firewall audit, snapshot, rollback, etc.....)
PCNSE
NSE
StrongSwan
I would just go with using a spare/test unit if your client wants to set up something that mimics the live/production environment -- just section off a department/network and put them on the test unit; it's a bit easier and manageable to deal with the fgt device as a whole than mess around with VDOMS/configuration changes, etc.
That being said, if your client is adamant about using VDOMS, they might want to consider putting the fgt into transparent mode and maybe have two VDOMs more-or-less mirroring each other.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
thanks for your input guys...much appreciated! As I thought...setting something up as they wanted won't really be possible. I'll have to try looking into alternative options.
I'll look at using your suggestions somehow...thanks!
Please let us know what you end up trying. Thanks.
Copyright 2024 Fortinet, Inc. All Rights Reserved.