RE: Firewall opinions wanted please - clarification

2004-03-16 Thread Nicole


 As much as I hate to follow up my own post, I suppose I was a bit too vague
for my own good =]

 We do not run any Cisco gear and we are in a Class A data facility.
 
 By proxy I did not mean to imply NAT. I cannot remember the proper term but
what I mean is full packet handling as opposed to packet inspection. 

 Security is important but the budget limit is only up to about 3K. I have been
trying to get the client a firewall for some time and am just now getting the
go ahead.  



 Sorry for any vagueness but I usually like to not say too much as to sway
opinions one way or another and to learn more as any knowledge I have may be
wrong or out of date.



  Nicole



On 16-Mar-04 Unnamed Administration sources reported Nicole said :
> 
> 
> 
>  Hi
>  I am looking for a good but reasonably priced firewall for a 40 or so server
>  site. Some people swear by Pix, others swear at it a lot. Also I have heard
> good things about Netscreen. Or any others you would recommend for protecting
> servers on a busy network. Don't really need anything with VPN just the
> standard http, ftp, ssh, https, type traffic up to 100mb throughput.
>  From what I have heard a proxy firewall would be best? 
> 
>  
> 
>  Thanks in advance!!
> 
> 
>   Nicole
> 
>
 




Re: Firewall opinions wanted please - clarification

2004-03-16 Thread Brandon Shiers
Sonicwall makes a great product that can run in STANDARD (Proxy) mode. 

Their prices are pretty good as well, especially if you buy them 
through a reseller.  We deploy many of these firewalls every year and 
they are great!

Thanks,

Brandon
 





Re: Firewall opinions wanted please - clarification

2004-03-16 Thread Alexei Roudnev

You mean _PROTOCOL HANDLING_, I believe.

I do not know why people are paying so much attention to it.  Important
questions are:

- which services are you providing for the public?
- who will handle all your SSL sessions, if any (maybe Load Balancers?
Then you do not bother about FW proxy for them);
- who will handle all http requests (yes, proxy can help here, but it is not
the only way);
- who will inspect mail content (not SMTP protocol, but attachments etc)?
- who will handle your ssh sessions, if you have inbound ssh?
- who will handle your inbound VPN or PPTP, if you use it?
- are DDOS attacks dangerous for you (you host SCO, for example) or not (you
provide a specific service for 100 companies, not for the wide public);
- do you use host level IDS / change control?

PIX is an excellent firewall... for many purposes, but not for others (and not
as a proxy, of course). It is impossible to select anything without knowing
the answers to these questions...

Alexei Roudnev






Re: Firewall opinions wanted please - clarification

2004-03-16 Thread Richard Cox

On Tue, 16 Mar 2004 17:18:38 -0700
"Brandon Shiers" <[EMAIL PROTECTED]> wrote:

> Sonicwall makes a great product that can run in STANDARD (Proxy) mode.

As with any product, it's only as good as the support channel behind it
*in your locality* ... we have just removed Sonicwall from the list of
approved suppliers here because of a series of failures that left two
parts of our network unprotected for several weeks (and, if any other
Firewall vendors with _good_  European support are reading this thread,
you're welcome to contact us by mail if you feel you can do better than
Sonicwall's local representatives did ;-) )

-- 
Richard Cox



Re: [NANOG-LIST] RE: Firewall opinions wanted please - clarification

2004-03-16 Thread Brent Van Dussen
Another important question is who is going to be managing the firewall once 
it gets purchased and installed?  Buying a PIX is great but not if you 
don't have anyone that knows how to use it.  This applies to any vendor's 
solution be it Checkpoint, IPTables, PIX, Netscreen, etc.

Also by proxy do you mean stateful packet inspection?

-Brent


