North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Firewall opinions wanted please - clarification
You mean _PROTOCL HANDELING_, I believe. I do not know, why people are paying so much attention to it. Important questions are: - which services are you providing for the public? - who will handle all your SSL sessions, if any (may be, Load Balancers? Then you do not bother about FW proxy for them); - who will handle all http requests (yes, proxy can help here, but it is not the only way); - who will inspect mail content (not SMTP protocol, but attachments etc)? - who will handle your ssh sessions, if you have inbound shh? - who will handle your inbound VPN or PPTP, if you use it? - are DDOS attacks dangerous for you (you host SCO, for example) or not (you provide specific servic for 100 companies, not for wide public); - do you use host level IDS / change control? PIX is excellent firewall... for many purposes, but not for others (and not as a proxy, of course). It is impossible to select anything without knowing answers on this questions... AlexeiRoudnev ============ > > As much as I hate to follow up my own post, I suppose I was a bit > > too vauge > > for my own good =] > > > > We do not run any cisco gear and we are in a Class A data facility. > > > > By proxy I did not mean to imply NAT. I cannot remember the proper > > term but > > what I mean is full packet handeling as opposed to packet > > inspection. > > > > Security is important but the budget limit is only up to about 3K. > > I have been > > trying to get the client a firewall for some time and am just now > > getting the > > go ahead. > > > > > > > > Sorry for any vaugeness but I usually like to not say to much as to > > sway > > opinions one way or another and to learn more as any knowlege I have > > may be > > wrong or out of date. > > > > > > > > Nicole > > > > > > > > On 16-Mar-04 Unnamed Administration sources reported Nicole said : > > > > > > > > > > > > Hi > > > I am looking for a good but reasonably priced firewall for a 40 or > > >so server > > > site. Some people swear by Pix, others swear at it a lot. Also I > > >have heard > > > good things about Netscreen. Or any others you would recommend for > > >protecting > > > servers on a busy network. Don't really need anything with VPN just > > >the > > > standard http, ftp, ssh, https, type traffic up to 100mb > > >throughput. > > > From what I have heard a proxy firewall would be best? > > > > > > > > > > > > Thanks in advance!! > > > > > > > > > Nicole > > > > > > > > > > > > >
|