VMS 2.3 for Firewall Management

bjames · ‎02-18-2005

Hi,

Is anyone using VMS mainly for managing multiple firewalls? I have been testing the product, and am having alot of issues with it's limitations, so I wanted to get feedback from someone who is using the product for managing alot of firewalls.

Thanks

bryan.green · ‎02-18-2005

Firewall MC has been a failure for us. Let me save you 6 months of frustration and several TAC cases. See Cisco bug id CSCsa33249.

"Optimization is always on for object groups"

Within Ciscoworks VMS firewall MC, the software will make configuration "optimizations" that you may or may not like. Firewall MC has a button to disable feature, hwoever, it does not function; the button simply does nothing.

For example, the optimization will take subnet masks with predefined hosts or static xlates and modify them so instead of having 3 hosts with 255.255.255.255 masks, it will consolidate them into a single entry with the appropriate mask to group them together, with say a 255.255.255.248 or whatever is appropriate. The bug reffers to this as flattening.

The Cisco DE team is aware of this issue and there is no work around; worse yet, the code to resolve this is supposed to be out in August 2005. Meanwhile, this bug has been opened since mid-2004.

bjames · ‎02-19-2005

Bryan,

Thank you for your honest reply! I have already written my recommendations NOT to implement this in a complex production environment. I have found alot of issues and taken them up with TAC, like you said they are saying they will be fixed in 3.0 when it's available @ Aug.

I am still interested to hear from anyone else, as I'm dissappointed the product purports to solve all the issues we wanted to address, yet in my opinion is still in Beta.

Thanks again