
Thread: Slightly OT: HW Firewall recommendations

  1. #1
    Rube Bumpkin Guest

    Slightly OT: HW Firewall recommendations

    Help...

    I am part of a team that does network and system administration at my
    kid's school. We have ~100 systems connected through a St. Bernard
    content filtering box to the internet.

    We've figured out that it's time for a real firewall, and I'm looking
    for recommendations.

    Any specific features I need?

    Any models in mind?

    Thanks in advance,
    RB

  2. #2
    Andy Walker Guest

    Re: Slightly OT: HW Firewall recommendations

    Rube Bumpkin wrote:

    >Help...
    >
    >I am part of a team that does network and system administration at my
    >kid's school. We have ~100 systems connected through a St. Bernard
    >content filtering box to the internet.
    >
    >We've figured out that it's time for a real firewall, and I'm looking
    >for recommendations.
    >
    >Any specific features I need?
    >
    >Any models in mind?
    >
    >Thanks in advance,
    >RB


    You should decide what feature you need for your network. Are you
    going to need a DMZ for publicly accessed servers? Are you going to
    need a FW capable of IPS functions and anti-virus? How many interfaces
    will you need? Do you need VLAN capability? VPN?

    I have a personal bias for Secure Computing's Sidewinder appliances
    because they are rock-solid (never been compromised) and have more
    out-of-the-box capability than any other firewall I know of.

    http://www.securecomputing.com/index.cfm?skey=20

    The 210 is fairly inexpensive and can handle 150 clients.

    http://www.securecomputing.com/index.cfm?skey=1676



  3. #3
    Rube Bumpkin Guest

    Re: Slightly OT: HW Firewall recommendations


    >
    > You should decide what feature you need for your network. Are you
    > going to need a DMZ for publicly accessed servers? Are you going to
    > need a FW capable of IPS functions and anti-virus? How many interfaces
    > will you need? Do you need VLAN capability? VPN?
    >
    > I have a personal bias for Secure Computing's Sidewinder appliances
    > because they are rock-solid (never been compromised) and have more
    > out-of-the-box capability than any other firewall I know of.
    >
    > http://www.securecomputing.com/index.cfm?skey=20
    >
    > The 210 is fairly inexpensive and can handle 150 clients.
    >
    > http://www.securecomputing.com/index.cfm?skey=1676
    >
    >


    Well it looks like I'm in way over my head, since I'm not sure how to
    answer your questions. I'm not even sure I understand them.

    I did look at the Sidewinder and it seems like overkill.

    - We're using a standard Cable connection to the internet, so we only
    need 3 to 5 MBits of throughput.

    - The teachers have laptops and they need to get to an internal database
    for grades and homework assignments, etc.

    - We have 3 small websites that we'll want the world to get to.

    - We currently use RAS and RDC for remote troubleshooting, and some file
    access.

    - We're looking at bringing our email in-house on a local Exchange server.

    - Our budget is small, and we're looking at getting some state and
    federal grant money to pay for whatever we buy.

    How does this fit into your recommendations?

    RB

  4. #4
    Andy Walker Guest

    Re: Slightly OT: HW Firewall recommendations

    Rube Bumpkin wrote:

    >
    >>
    >> You should decide what feature you need for your network. Are you
    >> going to need a DMZ for publicly accessed servers? Are you going to
    >> need a FW capable of IPS functions and anti-virus? How many interfaces
    >> will you need? Do you need VLAN capability? VPN?
    >>
    >> I have a personal bias for Secure Computing's Sidewinder appliances
    >> because they are rock-solid (never been compromised) and have more
    >> out-of-the-box capability than any other firewall I know of.
    >>
    >> http://www.securecomputing.com/index.cfm?skey=20
    >>
    >> The 210 is fairly inexpensive and can handle 150 clients.
    >>
    >> http://www.securecomputing.com/index.cfm?skey=1676
    >>
    >>

    >
    >Well it looks like I'm in way over my head, since I'm not sure how to
    >answer your questions. I'm not even sure I understand them.
    >
    >I did look at the Sidewinder and it seems like overkill.
    >
    >- We're using a standard Cable connection to the internet, so we only
    >need 3 to 5 MBits of throughput.


    The maximum throughput of the firewall includes all interfaces and is
    more an indication of the speed of processing packets than it is how
    much bandwidth you have available. Then again, when you're working from
    your internal network and accessing a DMZ, it's nice to have a 100Mb
    connection to transfer files without affecting your other bandwidth
    needs.

    >- The teachers have laptops and they need to get to an internal database
    >for grades and homework assignments, etc.


    The Sidewinder comes equipped with built-in VPN, which would allow
    ultra-secure access to your internal network (you can use passwords,
    certificates, LDAP, and even software or hardware access tokens). Most
    firewalls do not have this feature and you need an extra box for VPN.

    >- We have 3 small websites that we'll want the world to get to.


    You need a DMZ for any publicly available web sites. That is the only
    secure way to go.

    >- We currently use RAS and RDC for remote troubleshooting, and some file
    >access.


    Using VPN with RDC is a snap on the Sidewinder and much more secure
    than using RAS. I've even seen people use RDC without VPN using
    certificates and passwords for authentication, but I don't recommend
    doing it that way.

    >- We're looking at bringing our email in-house on a local Exchange server.


    The Sidewinder comes with a secure, split mail transport (one
    transport on the external side and one on the internal side to prevent
    direct connection between external and internal services) that is
    solid as a rock. The secure OS is based on BSD and uses sendmail. You
    can also add virus-scanning of email (and web traffic) as well as an
    anti-spam engine, although this would cost extra.

    >- Our budget is small, and we're looking at getting some state and
    >federal grant money to pay for whatever we buy.


    The 210 would probably run around $1100, but I haven't priced them in
    a while. You might even be able to get a special government discount.
    If it helps, the US Government uses Sidewinders in its most secure
    areas (DOD, NAS, etc...)

    >How does this fit into your recommendations?
    >
    >RB


    It fits very nicely. The only problem I could see is that you really
    need someone who knows what they are doing to set up a firewall
    properly. Even the most secure firewall can be bypassed if it is
    configured improperly.
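
Added example, not part of the thread or any poster's configuration: a small Python model of the zone layout post #4 argues for (public sites in a DMZ, RDC only over VPN, mail relayed through the DMZ), with a default-deny decision function and a linter for the kind of misconfiguration the post warns about. Zone names, port numbers and the rule format are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str       # source zone
    dst: str       # destination zone
    port: object   # TCP port number, or "any"
    action: str    # "allow" or "deny"

# Constructed ruleset: first match wins, anything unmatched is dropped.
RULES = [
    Rule("internet", "dmz", 80, "allow"),      # the three public websites
    Rule("internet", "dmz", 443, "allow"),
    Rule("internet", "dmz", 25, "allow"),      # inbound mail stops at a DMZ relay
    Rule("dmz", "internal", 25, "allow"),      # relay hands mail to Exchange
    Rule("vpn", "internal", 3389, "allow"),    # RDC only through the VPN
    Rule("vpn", "internal", 1433, "allow"),    # grades database (port is an assumption)
    Rule("internal", "internet", "any", "allow"),
]

# Same ruleset with RDC opened straight from the internet (the setup to avoid).
BAD_RULES = RULES + [Rule("internet", "internal", 3389, "allow")]

def decide(rules, src, dst, port):
    """Return the action for a new connection; default deny."""
    for r in rules:
        if r.src == src and r.dst == dst and r.port in ("any", port):
            return r.action
    return "deny"

def lint(rules):
    """Flag allow rules that defeat the DMZ/VPN separation."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if r.src == "internet" and r.dst == "internal":
            findings.append(f"internet reaches internal directly on port {r.port}")
        if r.src == "dmz" and r.dst == "internal" and r.port == "any":
            findings.append("dmz may open any port into internal")
    return findings

if __name__ == "__main__":
    print(decide(RULES, "internet", "internal", 3389))
    print(lint(BAD_RULES))
```
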


  5. #5
    Leon Cornelio Guest

    Re: Slightly OT: HW Firewall recommendations

    On Wed, 19 Dec 2007 19:24:49 -0500, Rube Bumpkin wrote

    > - Our budget is small <snip>


    How about checking out Untangle <http://www.untangle.com>?

    -- Leon Cornelio

  6. #6
    BJ Honeycut Guest

    Re: Slightly OT: HW Firewall recommendations

    On Thu 20 Dec 2007 01:43:16p, leoncornelio@merrick.invalid (Leon Cornelio)
    took the time to tell us all in
    news:476ab6ba.227383507@news.sf.sbcglobal.net:

    > On Wed, 19 Dec 2007 19:24:49 -0500, Rube Bumpkin wrote
    >
    >> - Our budget is small <snip>

    >
    > How about checking out Untangle <http://www.untangle.com>?
    >
    > -- Leon Cornelio


    Check out the yellow boxes.. they take old PCs and install Linux to make
    servers. Custom made for a school.

    --
    "Time will bring to light whatever is hidden;
    it will cover up and conceal what is now shining in splendor."
    Horace (65 - 8 BC); Roman poet.

    Mike
