>From my experience, 32MB of RAM is plenty for 100+ users. In fact, a
506 will handle that many connections without breaking a sweat.
Josh Vince
Sr. Network Engineer
CCNP MCSE MCP+I
BCG Systems, Inc.
-----Original Message-----
From: Ole Drews Jensen
Sent: Tue 9/25/2001 1:08 PM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: Personal Security Recommandation - Cisco PIX or ?
[7:21012]
Thanks (as always) Allen,
I do have a couple of additional questions is you have a minute:
PIX firewalls available now is as far as I can see the 515R,
515UR and 520.
We need to protect two LAN's, so I will either have to go with
two 515R's or
one 515UR.
When I look at the prices, it would be less expensive to get two
515R's, and
that would make administration easier, because we are two
people,
responsible for one LAN each. However, the 515R only has 32MB,
and with
about 100 people on each LAN, I don't know if that would be
enough.
Also, I am not sure what "restricted software" on the 515R
means, and the
CPQRG doesn't give me that information off hand.
Any good advise here?
Thanks again,
Ole
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.RouterChief.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NEED A JOB ???
http://www.oledrews.com/job
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----Original Message-----
From: Allen May [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 11:31 AM
To: Ole Drews Jensen; [EMAIL PROTECTED]
Subject: Re: Personal Security Recommandation - Cisco PIX or ?
[7:21012]
Comments inline:
----- Original Message -----
From: "Ole Drews Jensen"
To:
Sent: Tuesday, September 25, 2001 11:07 AM
Subject: Personal Security Recommandation - Cisco PIX or ?
[7:21012]
> In regards to network design in the security area, I would
like to start a
> discussion / get feedback from those of you who have dealt /
are dealing
> with this.
>
> I know that I can most likely pull up some websites that has
answers to
> this, but I would like a feedback from "real people" that are
working with
> this.
>
> I am only now in the process of finishing my last exam for the
CCNP, and I
> am then planning on going towards the security specialization.
Therefore,
my
> knowledge of firewalls, vpn's, etc. are not that great.
Learn IPSec first thing when you concentrate on Security.
>
> We have at the company I work for used Check Point, but that's
a very
> expensive product, and needs to be relicensed over and over.
We are
> currently using Gauntlet, but that will be discontinued on the
Windows NT
> platform.
>
> Because of this, I am now trying to get some feeling for a
good solution,
> and (of course) Cisco's PIX came to my mind. However, I have a
couple of
> questions I would like to get some feedback on, and perhaps
start a short
> discussion.
>
> How is the PIX compared to other products when looking at:
>
> 1) Difficulty of administration?
If you're used to a command line interface and Cisco IOS, it's
different,
but concepts are basically the same. As of 6.0 there is a GUI
interface.
Tons of example configs are out there and in the manual.
> 2) Price?
Estimated:
501 - ~$850 (2 interfaces only)
506 - ~$1400 (2 interfaces only)
515 - up ~around 5 digits...it depends on what you put in it.
CDW.com will
give you some basic guidelines for estimated prices.
> 3) Effectiveness of intruder protection?
Well...it's a firewall. It's as effective as you make it. IP
reverse
verify helps stop spoofing, static embryonics help prevent DOS
attacks, etc.
It only allows access to ports you specify so it's only as
secure as the
servers behind it on those ports (as is any firewall). It can
tie in with
other software for IDS and outbound URL restrictions as well.
ActiveX
filters can block all ActiveX if you like. SYSLOG output allows
any 3rd
party software that monitors SYSLOG to work.
> 4) Speed (slowing down the communication)?
501 and 506 are 10Mb but clock around 6-7Mb on tests. Other
models are
100Mb and clock much higher. If you use IPSec encryption it
will obviously
slow this down.
>
> and
>
> 5) What would you recommend?
PIX is my personal favorite IMHO.
>
> Thank you very much for your time on this,
>
> Ole
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Ole Drews Jensen
> Systems Network Manager
> CCNA, MCSE, MCP+I
> RWR Enterprises, Inc.
> [EMAIL PROTECTED]
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> http://www.RouterChief.com
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> NEED A JOB ???
> http://www.oledrews.com/job
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[EMAIL PROTECTED]
[GroupStudy.com removed an attachment of type application/ms-tnef which had
a name of winmail.dat]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=21033&t=21012
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
