Firewall to Staff Ratio  Firewalls
This is a discussion on Firewall to Staff Ratio  Firewalls ; Can anyone provide guidance to how one might calculate how much staff
is necessary to support a Checkpoint firewall pair?
I know that this ratio may be impacted by several factors (i.e, the
size of the user base or the ...

Firewall to Staff Ratio
Can anyone provide guidance to how one might calculate how much staff
is necessary to support a Checkpoint firewall pair?
I know that this ratio may be impacted by several factors (i.e, the
size of the user base or the number of supported applications), but a
ballpark figure and the basis for the ratio is appreciated.
Alternatively, if one can direct me to a tool for calculating this
metric, I would be grateful.
Thanks

Re: Firewall to Staff Ratio
In article <7c48a49655ae4602a3832044c334f3a1
@j22g2000hsf.googlegroups.com>, texasredant@gmail.com says...
> Can anyone provide guidance to how one might calculate how much staff
> is necessary to support a Checkpoint firewall pair?
>
> I know that this ratio may be impacted by several factors (i.e, the
> size of the user base or the number of supported applications), but a
> ballpark figure and the basis for the ratio is appreciated.
> Alternatively, if one can direct me to a tool for calculating this
> metric, I would be grateful.
There is no good answer. We have CP firewalls installed that get checked
monthly for operation and we have ones that are monitored daily for
operation (meaning what is passing in/out).
Once it's installed and working, if you get reports, and if you don't
need to change rules, it doesn't need anyone.

 Igitur qui desiderat pacem, praeparet bellum.
 Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Firewall to Staff Ratio
Texas Fireant wrote:
> Can anyone provide guidance to how one might calculate how much staff
> is necessary to support a Checkpoint firewall pair?
>
> I know that this ratio may be impacted by several factors (i.e, the
> size of the user base or the number of supported applications), but a
> ballpark figure and the basis for the ratio is appreciated.
> Alternatively, if one can direct me to a tool for calculating this
> metric, I would be grateful.
>
> Thanks
Depending on the size of your company it might make sense to get a partner for serious system stuff,
(set up, upgrades, licensing...)and therefore avoid training costs of your staff.
Checkpoint is very powerfull and very complex.
But once it is up and running and your network is fairly static, a network engineer can learn how to add rules and read
logs.
We have customers with several clusters around the country, dozens of networks and almost any CP feature installed they
have two sec. engineers dedicated to CP  incl. 24/7 hotline.
also depends if IT is your core business or not.
hth
M

Re: Firewall to Staff Ratio
Texas Fireant wrote:
> Can anyone provide guidance to how one might calculate how much staff
> is necessary to support a Checkpoint firewall pair?
>
> I know that this ratio may be impacted by several factors (i.e, the
> size of the user base or the number of supported applications), but a
> ballpark figure and the basis for the ratio is appreciated.
> Alternatively, if one can direct me to a tool for calculating this
> metric, I would be grateful.
You need 1 admin. You probably will need additional admins if you want
to guarantee particular response times or uptimes or have more than one
location. These requirements/factors will determine how many admins
you'll actually need. The number of users or applications is
immatierial.
cu
59cobalt

"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and rearchitect their solution."
Mark Russinovich

Re: Firewall to Staff Ratio
Thanks to all for your input...TX FireAnt.

Re: Firewall to Staff Ratio
On Jun 30, 2:24*pm, Texas Fireant wrote:
> Can anyone provide guidance to how one might calculate how much staff
> is necessary to support a Checkpoint firewall pair?
>
> I know that this ratio may be impacted by several factors (i.e, the
> size of the user base or the number of supported applications), but a
> ballpark figure and the basis for the ratio is appreciated.
> Alternatively, if one can direct me to a tool for calculating this
> metric, I would be grateful.
>
> Thanks
In a vacuum  for just 2 firewalls  you would need one person to run
them.
In the real world  the number varies wildly. Don't think of
firewalls as just a pair of boxes in a rack somewhere. With firewalls
comes a much larger responsibility to create security policy, create
processes surrounding changes to the firewalls, response to 'events',
how to handle breaches, etc.
Your question is loaded at best