Firewall opinions wanted please - clarification

Alexei Roudnev alex at relcom.net
Wed Mar 17 03:49:05 UTC 2004


You mean _PROTOCOL HANDLING_, I believe.

I do not know why people are paying so much attention to it.  Important
questions are:

- which services are you providing for the public?
- who will handle all your SSL sessions, if any (maybe Load Balancers?
Then you do not bother about an FW proxy for them);
- who will handle all http requests (yes, proxy can help here, but it is not
the only way);
- who will inspect mail content (not SMTP protocol, but attachments etc)?
- who will handle your ssh sessions, if you have inbound ssh?
- who will handle your inbound VPN or PPTP, if you use it?
- are DDOS attacks dangerous for you (you host SCO, for example) or not (you
provide a specific service for 100 companies, not for the wide public);
- do you use host level IDS / change control?

PIX is an excellent firewall... for many purposes, but not for others (and not
as a proxy, of course). It is impossible to select anything without knowing
the answers to these questions...

Alexei Roudnev
============


> >  As much as I hate to follow up my own post, I suppose I was a bit
> > too vague
> > for my own good =]
> >
> >  We do not run any cisco gear and we are in a Class A data facility.
> >
> >  By proxy I did not mean to imply NAT. I cannot remember the proper
> > term but
> > what I mean is full packet handling as opposed to packet
> > inspection.
> >
> >  Security is important but the budget limit is only up to about 3K.
> > I have been
> > trying to get the client a firewall for some time and am just now
> > getting the
> > go ahead.
> >
> >
> >
> >  Sorry for any vagueness but I usually like to not say too much as to
> > sway
> > opinions one way or another and to learn more as any knowledge I have
> > may be
> > wrong or out of date.
> >
> >
> >
> >   Nicole
> >
> >
> >
> > On 16-Mar-04 Unnamed Administration sources reported Nicole said :
> > >
> > >
> > >
> > >  Hi
> > >  I am looking for a good but reasonably priced firewall for a 40 or
> > >so server
> > >  site. Some people swear by Pix, others swear at it a lot. Also I
> > >have heard
> > > good things about Netscreen. Or any others you would recommend for
> > >protecting
> > > servers on a busy network. Don't really need anything with VPN just
> > >the
> > > standard http, ftp, ssh, https, type traffic up to 100mb
> > >throughput.
> > >  From what I have heard a proxy firewall would be best?
> > >
> > >
> > >
> > >  Thanks in advance!!
> > >
> > >
> > >   Nicole
> > >
> > >
> >
> >
> >
>



