I think the more typical way to do this (office connects and internet) is to
do some type of connection internally via routers and then use a firewall
that hooks you to the internet.  I guess it depends on how much traffic
there is between your networks.  If it is somewhat significant, I'd split
the solution.  The other issue would be that your rule set will be pretty
complex and not so easy to manage and one mistake could open something up to
the 'net that you weren't expecting.

However you decide, another option would be something like a Cisco (your
preference right?) Catalyst 5500 with an RSM and a NetFlow capable
Supervisor (or whatever the latest is).  You can set up VLANs according to
your subnet config and put ACLs on them.  I would expect you could also run
IOS firewall on the RSM for more features (check w/Cisco on that one).  You
could also do something similar with the 6500.  You can also set them up to
be fully redundant.  This would give you a high-speed solution with a lot of
functionality.

Mike.
--
Mike Braden
CNE, MCP+I, MCSE, CCNA, Sun Comp 2k Enterprise
[EMAIL PROTECTED]
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, November 21, 2000 7:17 AM
To: [EMAIL PROTECTED]
Subject: best corporate firewall



    Suppose I want to create 30...50 fully separated physical subnets
(Ethernet) in an office building, with firewall (packet filter, whatever...)
rules both for inter-subnets communication and for communication with the
outside.
    What is the best (hardware) solution for this? Maybe a Cisco router, with
many Fast Ethernet interfaces (as many as the number of subnets)? Or
something else?... (I prefer Cisco solutions, for non-technical reasons, but
others too are acceptable).
    Any suggestions?

--
Sandman
-
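
Added example, not part of either message and not a configuration from the posters or from Cisco: the per-VLAN ACL idea and the worry that one rule mistake exposes a subnet, written as a Python generator that builds each VLAN's inbound ACL from an allow-list and replays packets through the same first-match rules to confirm what actually gets out. The subnet names, VLAN ids, the 10.1.0.0/16 supernet and all addresses are constructed assumptions.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
OFFICE = ipaddress.ip_network("10.1.0.0/16")  # assumed supernet holding every office subnet
# Constructed sample: three of the 30-50 subnets, as name -> (VLAN id, prefix).
SUBNETS = {"finance": (10, "10.1.10.0/24"), "hr": (20, "10.1.20.0/24"),
           "servers": (30, "10.1.30.0/24")}
NETS = {name: ipaddress.ip_network(prefix) for name, (_, prefix) in SUBNETS.items()}
# Allow-list. Plain ACLs are stateless, so each pair is opened in both directions
# to let replies through; every pair not listed here stays closed.
PAIRS = {frozenset(("finance", "servers")), frozenset(("hr", "servers"))}
INTERNET = {"servers"}  # subnets allowed out toward the separate internet firewall


def rules(name):
    """First-match rules for packets entering the router from subnet `name`."""
    src = NETS[name]
    out = [("permit", src, NETS[o]) for o in sorted(NETS) if frozenset((name, o)) in PAIRS]
    out.append(("deny", ANY, OFFICE))      # no other inter-subnet traffic
    if name in INTERNET:
        out.append(("permit", src, ANY))   # src-bound, so spoofed sources fall through
    out.append(("deny", ANY, ANY))         # explicit default deny
    return out


def render(name):
    """IOS-style extended ACL (wildcard masks) plus the VLAN interface binding."""
    fmt = lambda n: "any" if n == ANY else f"{n.network_address} {n.hostmask}"
    acl = f"FROM-{name.upper()}"
    body = [f" {action} ip {fmt(s)} {fmt(d)}" for action, s, d in rules(name)]
    return [f"ip access-list extended {acl}", *body,
            f"interface Vlan{SUBNETS[name][0]}", f" ip access-group {acl} in"]


def verdict(name, src_ip, dst_ip):
    """Replay one packet through subnet `name`'s ACL; return 'permit' or 'deny'."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return next(a for a, sn, dn in rules(name) if s in sn and d in dn)


def exposed():
    """Subnets whose own hosts can reach an outside address (192.0.2.1, a test address)."""
    return sorted(n for n in NETS if verdict(n, str(NETS[n][1]), "192.0.2.1") == "permit")


if __name__ == "__main__":
    for subnet in NETS:
        print("\n".join(render(subnet)))
    print("reaches outside:", exposed())
```

Because the rendered text and the replayed verdicts come from the same rule list, a change to the allow-list can be checked with `exposed()` before any line is pasted into a device.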
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
