Security Basics mailing list archives

RE: Firewall Implementation Strategy ?


From: "Alexis Villagra - VILSOL LatinAmerica" <alexis () vilsol com>
Date: Sun, 17 Oct 2004 20:47:25 -0500

I recommend that you use a SONICWALL firewall; you can license the IPS on the
same box. This intrusion prevention is needed to complement the security
offered by the firewall, which protects up to layer 4, while the IPS protects
from layer 5 to 7.
SONICWALL is very easy and low cost.
Regards,
Alexis Villagra
www.vilsol.com


-----Original Message-----
From: Hayden Searle [mailto:hayden.searle () safecom co nz]
Sent: Friday, October 15, 2004 12:47 AM
To: vijay () calsoftinc com; Security Basics
Subject: RE: Firewall Implementation Strategy ?


Hi Vijay

A lot of this depends on the resource you have available and what you
are wanting to spend.

A reasonable way of doing it is having a SPI firewall on the outside
like Checkpoint FW1 NG with AI. Create rules to only allow inbound
traffic to your DMZ or through a VPN (if you have or want one) and NAT
everything at that point to an internal address. In front of the DMZ you
could have an ISA server (if you use MS IIS and Exchange) to do the
application layer filtering of the actual URLs and the SMTP commands,
before passing them on to the server in the DMZ.

Another option is using the AI feature of the Checkpoint firewall to
filter the HTTP and SMTP commands along with other filters, in which
case you can easily use the public IPs on the DMZ boxes, without NATs
on the firewall.

Like I said though, it depends on the size of the company and what they
are prepared to spend, but that's a couple of ideas anyway.

Hayden Searle

-----Original Message-----
From: Vijay Kumar [mailto:vijay () calsoftinc com]
Sent: Wednesday, 13 October 2004 11:23 p.m.
To: Security Basics
Subject: Firewall Implementation Strategy ?

Hello,

Currently we are having a software firewall and the DMZ is in another
private subnet.
We use port forwarding from the software firewall to access the DMZ
servers from outside.

I have seen other implementations of firewalls where the DMZ is in a
separate subnet with public IP addresses.
From the firewall we allow access only to certain ports.

Can someone tell me the pros and cons of each of these implementations?

I need to know the different types of firewall implementation so that I
can redesign the new implementation.
Where can I get some good guidelines for the same ?

Regards,
Vijay.
