On Tue, Mar 16, 2004 at 05:01:22PM -0600, Gregory Taylor said something to the effect of:

..snip snip..

> As discussed in a previous thread, I spoke about transparent bridging used for
> packet filtering and mangling. On a small application, that might be a good idea,
> because you get all of the true internet access (i.e. legit IPs, no proxying etc.)
> with the same ability to filter TCP, ICMP, UDP, IGMP etc. traffic.
>
> Disadvantages to dealing with transparent bridging are that you run into the whole
> MAC address collision and excess overhead announcements being made from the bridge
> itself every time it sends a packet through.
>
> The best option I guess is to figure out how important it is for you to have a
> firewall,

_Everyone_ (network connected) should have a firewall. My grandma should have a firewall. Nicole, holding dominion over this business network and its critical infrastructure, should _definitely_ have a firewall. ;)

Curses. Budget constraints. Bah.

> what is the reason you need one and how important the data is on your servers. That
> will help you decide the best choice for a firewall or proxy application.

See above. ;) The importance of the data is often more an issue of calculating things like redundancy and storage. A firewall in this case should likely be regarded as non-negotiable.

Be careful with transparent bridging in lieu of stricter edge filtering...

Also consider the efficacy and reward of firewall logs, application layer filtering, and IDS integration (in a budget-friendly, open source flavor of free...) down the road.

ymmv,
--ra

--
k. rachael treu, CISSP [EMAIL PROTECTED]
..quis custodiet ipsos custodes?..

> Greg
>
> ---------- Original Message ----------------------------------
> From: Nicole <[EMAIL PROTECTED]>
> Date: Tue, 16 Mar 2004 14:27:16 -0800 (PST)
>
> > Hi
> > I am looking for a good but reasonably priced firewall for a 40 or so server
> > site. Some people swear by Pix, others swear at it a lot. Also I have heard
> > good things about Netscreen. Or any others you would recommend for protecting
> > servers on a busy network. Don't really need anything with VPN just the
> > standard http, ftp, ssh, https, type traffic up to 100mb throughput.
> > From what I have heard a proxy firewall would be best?
> >
> > Thanks in advance!!
> >
> > Nicole
> >
> > --
> >  |\ __ /| (`\
> >  | o_o |__ ) )
> >  // \\
> > - [EMAIL PROTECTED] - Powered by FreeBSD -
> > ------------------------------------------------------
> > " Daemons" will now be known as "spiritual guides"
> > -Politically Correct UNIX Page