Which settings are you looking at replicating, using an Ironport M-Series appliance you can create a master configuration for things like your identities, access policies, custom categories etc, This can then be pushed (or scheduled to be pushed) to a number of S-Series appliances.  All your changes are then made in one place which (hopefully) take the pain out of managing two or more policies on different devices.  (As far as I can see settings such as DNS / Routing etc are still done on individual s-series boxes)

In my opinion it's nice but until the m-series gets onboard S-Series reporting (so we can do away with Sawmill) it's a lot of tin for the job of managing configurations.

Jeremy Smith Wed, 01/20/2010 - 07:41
User Badges:

Thanks for the follow-up.  We have the base configuration done on each of the boxes, Auth., DNS, Logging, Interfaces, Routes, etc.  It's the day to day changes that we would like to replicate, (ex. mainly adding sites to a whitelist/blacklist, adding a new system to an identity policy, maybe a new custom url category).  At any one time there are 2-3 boxes in the load balance configuration so the changes would need to replicate in a timely mannor.  We would like to take the human element of error out of replicating the changes on each of the boxes.


This Discussion