Firewall Wizards mailing list archives
RE: confusion and in-decision
From: "Claussen, Ken" <Ken () kccweb com>
Date: Sun, 2 Feb 2003 10:20:45 -0500
Several Boxes.

Cisco VPN Concentrator 3005 (up to 100 users and LAN to LAN tunnels support) with public interface in the DMZ.
Microsoft ISA Server, two interfaces, one inside, external in the DMZ (for Proxy and URL filtering control, plugins available for policy control as well).
Trend Micro Message Security Suite for Mail Virus scanning and content filtering (allows policies based on groups).
Pix 515E firewall as an access control point and security enforcement device (with 3rd interface for DMZ).

All of these on different servers and properly secured and patched and located in the DMZ. Proper Access-Lists on Inside, DMZ and Outside interfaces to limit traffic to what is allowed. All of these devices together make up the Firewall System. An edge routing should also be set up with basic egress and ingress filters to allow only your address space to the firewall system.

Ken Claussen MCSE(NT42K) CCNA CCA
"In Theory it should work as you describe, but the difference between theory and reality is the truth! For this we all strive"

-----Original Message-----
From: anil bindal [mailto:bindal () dcmtech co in]
Sent: Tuesday, January 21, 2003 10:41 PM
To: Christine Kronberg
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] confusion and in-decision

Hi,

we are 120 users in main office,
traffic is 256 Kbps WAN,
firewall must allow incoming web, ftp, email and dns
outgoing email should deny certain attachments based on user email address, like to deny .pdf files for trainees
to put restriction for incoming email based on the user/group
manage the WAN link bandwidth
5-10 mobile users
just one branch office with max 10 users

regards
anil

On Tue, 2003-01-21 at 20:15, Christine Kronberg wrote:
> Hi,
> I have just joined this list to get more information on the firewalls. We are in process of assessing a firewall for our corporate office. Our requirements are as follows: FW, VPN, IDS, EIM, Virus and BW management.

That's what you intend to buy, but what are your real requirements? How many users? How much traffic? How many sites? What does your security policy say? What's your level of security? Which protocols and applications must pass the firewall?

> I would like to know the opinion of the list on following
> 1) Whether I should go for a single product or for different products?

I don't believe that there is an all-in-one for everything, but probably someone on the list can tell better.

> 2) If for different products, then which products are the best in their category?
> 3) In case list recommends going for different products, then can list members share their good/bad experiences on such products??
> For a week now I am trying to search this info on the Inet but I am so confused now. I think that I should go for a HW based FW+VPN and I find WatchGuard is

Personally I don't think that a firewall and a vpn gateway should be on the same node, but from what you write I guess you have a small LAN with few users?

> a good option but then it does not have proper IDS and BW management.

How much do you expect from your IDS? How much effort can be spared to look into the messages from the IDS?

> also it does not take care of MIME attachments in outgoing emails (I would like to restrict my users from sending specific attachments, say my Quality procedures in .pdf files)

You probably want to do that on your internal mail server.

> While my vendors say that SonicWALL is good, others say Check Point is good.. so much confusion..

Hope you don't mind asking so many questions, but from what you wrote it's really hard to give good advice.

Greetings,
Chris.

--
GeNUA mbH

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards