GCN Lab review: SecureTrack lets you centralize management of your organization's firewalls
- By Greg Crowe
- May 21, 2008
The firewall is an essential appliance for any organization concerned with network security and protection from external attacks, which at this point should be everyone. In large organizations, the need for security is even more complex because certain zones, such as finance and clearance-level file storage, often need their own firewalls.
Central management of firewalls has always been a challenge, especially when they come from different manufacturers. Maintaining and updating many firewalls in different areas of the network can become a full-time job.
The SecureTrack T-500 from Tufin Technologies can reduce the time needed for firewall maintenance by monitoring them from a single 1U rack-mount appliance. You can enforce policy changes and change settings from a single interface.
We were pleased with the variety of ports on the T-500. It has four Gigabit Ethernet ports that allow for a variety of network configurations.
The two RJ-45 serial ports, one in front and one in back, make direct connection to another computer easy. Its PS/2 keyboard and mouse ports, along with its SVGA video connection, allow direct access to the device. It has three USB ports, including one in the front that can be used with a special, included flash drive to reset the appliance to its factory defaults. Its two hot-swappable power supplies would keep the T-500 powered even if one should fail.
The SecureTrack is easy to set up. We only needed to hook a keyboard and monitor to it to set the IP addresses of the ports we needed. Then we were ready to connect it to the network and log in to the Web interface. A setup wizard took us through the basic steps, including setting the TCP/IP numbers of the network and entering the e-mail addresses where notifications would be sent. After this, it was ready to discover the firewall appliances in our network.
SecureTrack is preconfigured to discover some of the more commonly used firewall appliances.
This list is limited to Check Point, Cisco Systems and Juniper Networks devices. This includes many of the ones used in government circles, but we felt it should have included more. SecureTrack is able to monitor changes to the appliances it recognizes and track those changes in its database. It can enforce corporate policies by centrally tweaking firewall rules and coordinating updates.
SecureTrack makes it easy to monitor firewalls from a central location, but it does not translate that information into an entirely user-friendly format. The reports and status windows demand at least a basic understanding of how firewalls work and firewall-specific lingo. However, for an administrator who knows enough to be dangerous, the T-500's interface should provide all the information needed to manage an entire network's firewalls.
The T-500 can monitor as many as 100 firewall appliances at the same time and was easily able to watch the 15 in our test bed.
The price of the SecureTrack T-500 as configured for our lab is $5,000. This was a bit higher than we were hoping for but not unreasonable.
Of course, the more firewalls your network has, the better the price looks.
Tufin Technologies, 877-270-7711, www.tufin.com