interesting question... back in 1998 we had a research prototype at Bell La=
called Firmato that could have done what you wanted, if it would have become
a product...

Maybe Solsoft (now exaprotect) can do this?
no idea about their pricing though, and it's certainly not freeware


Shameless plug: if you want to analyze these firewalls for risk or cleanup,
or to monitor their changes, you can check out http://www.algosec.com

On 4/30/08, Mike Davis wrote:
> This is my first posting so be gentle ;-)
> I have an environment that is all Cisco based firewalls for my edge
> protection and site to site vpns. I have a little over 100 remote sites
> running on ASA 5505's with an AES Tunnel to both the primary (HQ) and
> secondary (DR ) sites. It is working quite nicely and has been for years
> now but the problem I have is this=85 all my remote site firewalls are not
> centrally managed in the sense that I can make one change in a console and
> push it globally to all my remote firewalls so that when a change is
> required, I have to log into each and every one (I use SSH) and make the
> changes.
> I know that Cisco Security Manager will allow me to do that but at the 10=

> pricetag I was quoted from Cisco with the blink of an eye=85 I just canno=

t put
> that into my budget.
> Does anyone know of or can recommend any freeware or low-cost-ware
> application that will allow me to monitor and make global config changes
> without having to SSH to each one? The ability to segregate into groups =

> manage based upon groups would certainly be a plus as well but not a
> requirement.
> Thanks in advance!
> Mike Davis
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards

-- =

Avishai Wool, Ph.D., Co-founder and Chief Technical Officer
******* Firewall Management Made Smarter ******
firewall-wizards mailing list