Hi,

The company I work for want to host clients' sites - soon we will be hosting
a number of client sites by co-locating FreeBSD servers at an ISP in the UK.
For several reasons we have decided to use hardware based firewalls rather
than a software based solution (such as using IPFW on *BSD).

For the moment one client will have 2 BSD servers which will need to be
connected to each other over 100Mbit ethernet - for this we need to use a
switch. This switch will then be connected to a further switch which will be
finally connected to our ISP's network, as shown below:

          ISP Network
               |
               |  (the network is 100Mbit ethernet)
               |
           Switch 1 ------------- Our DNS servers
               |          |
               |          \--- Our Mail servers / etc...
               |
           Switch 2--Client DB Server
               |
               |
             Client
              Web
             Server

The idea is that Switch 1 and 2 will also provide firewall services - so
that we can lock down port access to our hosting network (with Switch 1) and
further lock down our clients' servers (with Switch 2). For various reasons
related to our clients' security requirements we need to use separate
switches. For Switch 1, 8 ports would be fine, and 16 would be ample. For
Switch 2 we're probably only ever going to use 2 ports, so anything above
that would be fine. Both would need to be able to handle 100Mbit ethernet.
Switch 1 will probably need to process about 1-2Mbps of traffic, and Switch
2 will need to process about 0.5 - 1Mbps of traffic. Both will be using
fairly simple rules (i.e. we just want to block non-HTTP ports on Switch 2
and Switch 1 will have similar rules allowing a few more things in - each
server will have a real IP address so there'll be no need to do NAT or
anything like that).
I'm reasonably new to firewalling, but I'm assuming what I need is a packet
filtering switch?
Cisco seems to be a highly recommended firewall vendor - and I think for
various reasons (mostly political) using Cisco gear would be a good move.
Which Cisco boxes should I be looking at? Are there any comparisons
anywhere?
Is there a Cisco kit intro / FAQ that would be useful to someone wanting to
learn about their products? I looked on their site - but it's 'very link
heavy'. I have some experience of networks and firewalls, but not loads (I'm
a University CS Honours Degree graduate).
Are there any cheap suppliers of Cisco kit in the UK?
Thank you helpful people!
-Rob
--------------------------------
http://www.robhulme.com
http://www.christianunion.org.uk
A hug is the perfect present: One size fits all and it's easy to exchange.
An English professor wrote on the blackboard: Punctuate this sentence:
'Woman without her man is nothing'. The men wrote: 'Woman, without her man,
is nothing.' All the women wrote: 'Woman! Without her, man is nothing.'
Marriages are made in heaven. But so is thunder and lightning.
Marriage is when a man and woman become as one; the trouble starts when they
try to decide which one.