Firewall to Staff Ratio

Can anyone provide guidance on how one might calculate how much staff
is necessary to support a Checkpoint firewall pair?

I know that this ratio may be impacted by several factors (i.e., the
size of the user base or the number of supported applications), but a
ballpark figure and the basis for the ratio is appreciated.
Alternatively, if one can direct me to a tool for calculating this
metric, I would be grateful.


Re: Firewall to Staff Ratio
In article <7c48a496-55ae-4602-a383-2044c334f3a1>, says...

There is no good answer. We have CP firewalls installed that get checked
monthly for operation and we have ones that are monitored daily for
operation (meaning what is passing in/out).

Once it's installed and working, if you get reports, and if you don't
need to change rules, it doesn't need anyone.

- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist" (remove 999 for proper email address)

Re: Firewall to Staff Ratio
Texas Fireant wrote:

Depending on the size of your company it might make sense to get a partner for
serious system stuff (set up, upgrades, licensing...) and therefore avoid
training costs of your staff.
Checkpoint is very powerful and very complex.
But once it is up and running and your network is fairly static, a network
engineer can learn how to add rules and read

We have customers with several clusters around the country, dozens of networks
and almost any CP feature installed - they have two sec. engineers dedicated
to CP - incl. 24/7 hotline.
Also depends if IT is your core business or not.


Re: Firewall to Staff Ratio

You need 1 admin. You probably will need additional admins if you want
to guarantee particular response times or uptimes or have more than one
location. These requirements/factors will determine how many admins
you'll actually need. The number of users or applications is

"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Firewall to Staff Ratio
Thanks to all for your input...TX FireAnt.

Re: Firewall to Staff Ratio

In a vacuum - for just 2 firewalls - you would need one person to run

In the real world - the number varies wildly.  Don't think of
firewalls as just a pair of boxes in a rack somewhere.  With firewalls
comes a much larger responsibility to create security policy, create
processes surrounding changes to the firewalls, response to 'events',
how to handle breaches, etc.

Your question is loaded at best ;)
