Our information Security department is different from the network group. Currently, we have Check Point firewalls running on Nokia boxes (IPSO image). The Network group handles the installation, upgrade, routing and IP address specification etc on the firewalls, while Information Security writes the rules. The problem is that almost all trouble shooting involves the two groups. For instance, in a session that involves VPN tunnels, Information Security will not be able to perform such simple but pertinent task of deleting and reestablishing a specific VPN tunnel as they would not have the right to do so. What have you seen in the industry? Should the firewall responsibility be split between two groups? If not, who should be responsible for the firewalls ? Information Security or the LAN/WAN group?