Firewall Wizards mailing list archives

Re: separating the servers on a switch

From: Jared Valentine <hidden () xmission com>
Date: Thu, 12 Sep 2002 22:34:50 -0600 (MDT)

Shimon:

Many people have suggested standalone firewalls as a method to accomplish your goal.  One other way to do this would be 
to place an individual firewall inside each server.  The best way to do this is to use individual PCI-based firewall 
cards inside each server.  I would recommend looking into PCI firewalls from the following companies:

3Com Embedded Firewall
        - http://www.3com.com/security/
        - $170 to $250 per server
Simple Access Server Protector
        - http://www.simpleaccess.com/site_files/docs/products/server_protector.html
        - Last I saw it was about about $1600 per unit
Merilus Firecard
        - http://www.provantage.com/scripts/go.dll/-s/fc_meri
        - $350-$750 per server

Each product has it's own pros and cons.  A little more research is probably warranted.  Good luck!

Jared Valentine
hidden () xmission com


On Thu, 12 Sep 2002, Shimon Silberschlag wrote:

Lets say we have an internet segment, protected by firewalls at both
ends. On that segment are various servers.
The servers need to talk to other servers outside the segment; uplink
its the internet, downlink the backend servers.
Some of the servers need to be able to talk among them.
We want to control which server can talk to which other server (in the
segment), utilizing one of the firewalls (lets say the uplink one).
Can the group suggest ways to accomplish that? We thought about using
L2 switches with "private VLAN", L3 switches with ACL, but constantly
come across problems doing the routing properly.

Shimon Silberschlag

+972-3-9352785
+972-51-207130


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

List stuff (administrivia) Paul Robertson (Sep 11)
- separating the servers on a switch Shimon Silberschlag (Sep 12)
  - Re: separating the servers on a switch Paul D. Robertson (Sep 12)
  - Re: separating the servers on a switch Jared Valentine (Sep 13)