Firewall Wizards mailing list archives

RE: confusion and in-decision


From: "Claussen, Ken" <Ken () kccweb com>
Date: Sun, 2 Feb 2003 10:20:45 -0500

Several Boxes. Cisco VPN Concentrator 3005 (up to 100 users and LAN to
LAN tunnels support) with public interface in the DMZ. Microsoft ISA
Server two interfaces one inside, external in the DMZ (For Proxy and URL
filtering control, plugins available for policy control as well). Trend
Micro Message Security Suite for Mail Virus scanning and content
filtering (allows policies based on groups). Pix 515E firewall as an
access control point and security enforcement device (with 3rd interface
for DMZ). All of these on different servers and properly secured and
patched and located in the DMZ. Proper Access-Lists on Inside DMZ and
Outside interfaces to limit traffic to what is allowed. All of these
devices together make up the Firewall System. An edge routing should
also be set up with basic egress and ingress filters to allow only your
address space to the firewall system.

Ken Claussen MCSE(NT42K) CCNA CCA
"In Theory it should work as you describe, but the difference between
theory and reality is the truth! For this we all strive"



-----Original Message-----
From: anil bindal [mailto:bindal () dcmtech co in] 
Sent: Tuesday, January 21, 2003 10:41 PM
To: Christine Kronberg
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] confusion and in-decision


Hi, 


we are 120 users in main office, traffic is 256 Kbps WAN, firewall must
allow incoming web, ftp, email and dns

outgoing email should deny certain attachments based on user email
address, like to deny .pdf files for trainees

to put restriction for incoming email based on the user/group

manage the WAN link bandwidth

5-10 mobile users

just one branch office with max 10 users

regards
anil


On Tue, 2003-01-21 at 20:15, Christine Kronberg wrote:

  Hi,

i have just joined this list to get more information on the 
firewalls. we are in process of assessing a firewall for our 
corporate office.

Our requirements are as follows :

FW, VPN, IDS, EIM , Virus and BW management.

  That's what you intend to buy, but what are your real
  requirements? How many users? How much traffic? How many
  sites? What does your security policy say? What's your level
  of security? Which protocols and applications must pass the
  firewall?

I would like to know the opinion of the list on following

1) Whether i should go for a single product or for different products?

  I don't believe that there is an all-in-one for everything, but
  probably someone on the list can tell better.

2) If for different products, then which products are the best in 
their category ?
3) In case list recommends going for different products, then can 
list members share their good/bad experiences on such products ??

For a week now i am trying to search this info on the Inet but i am 
so confused now.

i think that i should go for a HW based FW+VPN and i find WatchGuard is

  Personally I don't think that a firewall and a vpn gateway should
  be on the same node, but from what you write I guess you have
  a small LAN with few users?

a good option but then it does not have proper IDS and BW 
management.

  How much do you expect from your IDS? How much effort can be spared
  to look into the messages from the IDS?

also it does not take care of MIME attachments in outgoing emails (i 
would like to restrict my users from sending specific attachments, 
say my Quality procedures in .pdf files)

  You probably want to do that on your internal mail server.

While my vendors say that SonicWALL is good, others say Check Point 
is good.. so much confusion..

  Hope you don't mind asking so many questions, but from what you
  wrote it's really hard to make a good advice.

  Greetings,


                                                           Chris.

--
GeNUA mbH


_______________________________________________
firewall-wizards mailing list firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
