Hi Simon,
what about using Cisco PIX. You can order the 2nd 'failover'-System
for the cost of the hardware. Management is much easier than using
FW1-GUI and the Performance is great.
Why don't you let the firewall protect your DMZ? Use one interface
of the firewall as outside, one for the DMZ and a third for your
inside.
kind regards
peter
[EMAIL PROTECTED] wrote:
>
> Hi,
>
> I was hoping some of you would be able to give me your opinions on how I
> should proceed in my firewall placement strategy.
> Here is some detail on our current setup:
>
> Firewall = Watchguard firebox II.
> - [LAN]
> [Internet] - [Router] - [Firewall] ---
> - [DMZ]
>
> We will be replacing the Watchguard with Checkpoint Firewall-1 running on
> NT (I know about NT, but this is what the business wants). I will be
> wanting to implement 2 firewalls but I have yet to decide whether to go for
> fault tolerance, or to place the secondary firewall between the DMZ and the
> LAN:
>
> Scenario1 (Fault tolerance)
> - [LAN]
> [Internet] - [Router] - [Firewall x 2] ---
> - [DMZ]
>
> Scenario 2
> [Internet] - [Router] - [Firewall] - [DMZ] - [Firewall] - [LAN]
>
> Scenario2 ( higher security)
>
> Your suggestions will be greatly appreciated.
>
> Regards
>
> Simon
>
> **********************************************************************
> If you are not the intended recipient of this e-mail and have received it
> in error, you are on notice that the e-mail and any attached files are
> confidential. Please notify us immediately by reply e-mail and then delete
> this message from your system. Please do not use, distribute, copy or
> take any action in reliance on it as to do so could be a breach
> of confidence. The sender does not accept any responsibility for any
> loss, disruption or damage to your data or computer system which may occur
> whilst using data contained in, or transmitted with, this e-mail. Thank
> you for your co-operation. If you need assistance, please contact
> Maritz Ltd - tel.: +44 (0)1628 486011 or e-mail: [EMAIL PROTECTED]
> **********************************************************************
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
--
-------------------------------------------------------------
peter erkens primus services group GmbH
phone +49 221 3091-562 Bonner Strasse 172 - 176
fax +49 221 3091-566 D-50968 Koeln
[EMAIL PROTECTED] Germany
-------------------------------------------------------------
sure, unix is user friendly,
it's just particular about who it makes friends with
-------------------------------------------------------------
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
