Firewall Wizards mailing list archives
Re: PUBLIC: boxed "multi-purpose" firewalls - overkill??
From: peter.vaterlaus () ubs com
Date: Wed, 14 Oct 1998 17:47:28 +0200
Michael,

IMO a bastion host usually uses a single NIC only. Therefore only application gateways can be implemented there. Most 'boxed' firewalls are designed with multiple NICs and a distinction between 'secure', i.e. intranet, and 'insecure' NICs. The rules then apply either in the direction from the 'insecure' to the 'secure' side or the opposite. For this type of FW you need a design router <--> FW <--> router. Depending on your security requirements and your firewall you can also omit one or both of the routers.

Whether you require a 'pass through' FW or one or more 'classical' bastion hosts or a mix of all of them depends mainly on:

1) the security requirements (policy)
2) the applications (IP-protocols)

and in most cases also on the experience and preferences of the FW designer of course!

If you are not very experienced in FW implementations, I recommend a multiple NIC solution. But as mentioned above, it finally depends on your requirements.

Regards
Peter Vaterlaus

Note: I speak here for myself, not for my employer

______________________________ Reply Separator _________________________________
Subject: PUBLIC: boxed "multi-purpose" firewalls - overkill??
Author: mjd at zhux/DD.RFC-822=mjd () interaxon gr
Date: 14.10.98 15:47

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi all

I am putting together a firewall, only on paper for now, and a few questions concerning the usefulness of boxed "multi-purpose" firewall products have surfaced. I hope some of you guys can give me your thoughts on the matter.

suppose...

I have set up a screened network architecture firewall which is connected to the internet via an ISDN router (a baynetworks clam), and then this dmz is connected to my internal network via a packet filtering router (suggestions most welcome).

Ok, so now I need a bastion host to proxy my smtp, dns, and WWW. So I think .. the client wants ease of use and reporting etc etc, has to be NT based, they have no nix skills at all..

so what about a boxed NT firewall product .. ok I say, how about Eagle (as everyone else is on about FW-1, and I like to be different), it does all I want and more.. packet filtering.. but I am sat here wondering why do I need this packet filtering? I certainly don't want to combine this bastion host with my choke router. Perhaps I could put it after my ISDN router, but is this really necessary?

So I am wondering why spend big bucks on a "multi-purpose" firewall package like Eagle, is it only for the reporting capabilities?

I would be interested in hearing how others see the use of these products.

mike

- ----------------------------------------------
Michael J. Dilworth
Interaxon ltd.
8 Rizariou St.          tel:(+301)6801013/4
Halandri                Fax:(+301)6801015
15233 Athens
Greece
- ----------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

iQA/AwUBNiSRX26RYzC+RAvaEQKgeQCg8CG8pL7tZ13PIsH0IPsJFhvx3IoAoJFG
8B32OrGgwnz3JV2pGPtGq73K
=Gf+0
-----END PGP SIGNATURE-----