What I was implying was that Glenn was mentioning looking at different
vendors for firewalls and then there was talk about budget and a lot of other
questions.  Then he pointed to just running ipchains on a Linux Box.  This
is all good if you are merely just wanting to do packet filtering.  This is
highly scalable, but does not provide a lot of security measures.
There is no blank vs blank.  There is a big difference between
packet/data/application filtering.  Not all firewalls can do all of the
above.  And some that can do not provide for limited Application Support.
Hope this helps with what my previous message was talking about.

Chris

-----Original Message-----
From: Glenn Pitcher [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 15, 2001 6:08 PM
To: 'Christopher Vittek'; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: What firewall?


I don't quite understand where you got that notion... what I was presenting
were some very basic questions that need to be asked before model numbers
start getting tossed around.  Martin mentions in his original message that
he has a "big serverpark."  Okay, "big" needs to be defined... is it 20
Linux servers or 100 clustered Sun E15000s? (oh, I bet Sun would love that
sale! :-).  How many transactions per second are going through the outgoing
pipe?  What's the total bandwidth incoming and outgoing?  Are you doing
streaming media?  All of these questions will have a huge impact on the type
of firewall you need to purchase.

What do you mean by packet filtering vs. data filtering?  Are you talking IP
addresses vs. port numbers?  If so, any firewall worth its salt will be able
to handle that.

-----Original Message-----
From: Christopher Vittek [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 15, 2001 11:13 AM
To: Glenn Pitcher; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: What firewall?


The only problem I see with this is that this would do good for just packet
filtering at the network level.  It would be great for functionality and
expandability, but for secure, not that good.  You need a firewall that can
do data filtering as well.  Also that the firewall can be between the
data-link and the network level.  That way the firewall controls everything
before the packets can move up the layers to the applications for example.
Just watch what firewalls you look at, because ones that only do this can
bog down the system and have limited Application support.  My idea would be
to suggest Checkpoint that can do both of the above.

Chris

-----Original Message-----
From: Glenn Pitcher [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 13, 2001 7:51 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: What firewall?


If I were given this project, these are a few of the basic questions I would
be asking even before thinking about any particular vendor:

1) Budget. Budget. Budget.
2) Is there a need for failover capabilities?  Does this firewall need to be
up 24/7 or can you stand to be down for a while in the case of a failure?
3) What are your plans for expansion for the next three to five years?  This
will help determine how expandable the system will need to be.
4) What are your current throughput requirements?  What are they projected
to be in 6 months?  In 2 years?

Depending on some of your responses, you might be able to get away with
something as simple as ipchains on Linux which will only cost you the price
of a computer and a couple NICs.

-------
Glenn Pitcher
Sr. Unix Admin in need of a job!
(858) 674-1847 (voice)
[EMAIL PROTECTED]


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 12, 2001 1:42 PM
To: [EMAIL PROTECTED]
Subject: What firewall?



Hi!

 I'm about to buy a firewall, and I wonder if you people could give me some
advice that could help me decide which one fits me best. See, I'm
quite new with this.

 So, this firewall should protect a quite big serverpark. It has to deal
with a lot of information. It might be necessary to use two devices. If it
is, the information will be divided upon these two with a load balancer. No
special needs for VPN.

 I've been thinking about using Watchguard Firewall 2500 or 4500. I know
that 4500 handles VPN though.

 Is this a good choice? Are there sites on the net where products are
compared and where you could see the good and the bad of each one?

Thanks / Martin Andersson




