PICList Thread
'[EE] Still trying to buy a firewall...'
2008\01\07@135555 by James Newton

I'm still trying to get a good professional hardware firewall to replace the
two separate Linksys units I have.

Everybody was telling me to buy a Sonic unit, and I have now got management
approval to actually put out around $800 for one, but I just heard from an
experienced IT guy that it won't do what I want.

We have ONE DSL modem that serves up TWO IP addresses.

I need ONE firewall that can manage BOTH IPs with different internal
networks and port configurations. One for the web / email server and another
for the users' machines / exchange / vpn / etc...

I could purchase TWO Sonics, but then I have to have a hub between the DSL
modem and the two firewalls, which adds another point of failure...

...and it was exactly that which caused slow access to the site this
weekend: The little Netgear 4 port hub that I had between the DSL modem and
the two Linksys units failed.

Ok, here is the real reason: I used the failure of the hub to pound the need
for a professional firewall home to management. "If we had just purchased
the Sonic wall I asked for months ago, this would not have happened, because
there would be no little hub in-between". If I now have to come back and ask
for two firewalls and a new hub, it's going to make me look stupid.

Everything I could find on the sonic wall web site made me believe that they
could manage two separate internal networks, but this guy should know; he
sets them up for a living. And he says he doesn't believe it can be done.

James Newton: PICList webmaster/Admin
spam_OUTjamesnewtonTakeThisOuTspampiclist.com  1-619-652-0593 phone
http://www.piclist.com/member/JMN-EFP-786
PIC/PICList FAQ: http://www.piclist.com


2008\01\07@141416 by Christopher Cole

On Mon, Jan 07, 2008 at 10:54:19AM -0800, James Newton wrote:
> I'm still trying to get a good professional hardware firewall to replace the
> two separate Linksys units I have.

James,

You can do what you need with iptables on Linux and cheap hardware.  
Personally, I would install a minimal gentoo system and configure iptables.
Alternatively, you could go with a more readily available solution such as
SmoothWall http://www.smoothwall.org .

Take care,
-Chris

--
| Christopher Cole, Cole Design and Development               .....coleKILLspamspam@spam@coledd.com |
| Embedded Software Development and Electronic Design       http://coledd.com |
| Akron, Ohio, USA                                               800-518-2154 |
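
As an added example, and not code from the thread or from SmoothWall: the
layout Chris is suggesting, written as a single iptables ruleset. It assumes a
Linux box with three interfaces (eth0 to the DSL modem carrying both static
public addresses, eth1 for the users' LAN, eth2 for the server segment) and
made-up documentation addresses (203.0.113.10/11 public, 192.168.1.0/24 LAN,
192.168.2.0/24 servers). Users leave the first public IP via NAT; only the
published ports on the second public IP are forwarded to the server, and the
server segment can never initiate connections into the LAN.

```shell
#!/bin/sh
# Assumed addressing and interface names (not from the thread); override via env.
WAN_IF=${WAN_IF:-eth0}            # to the DSL modem; carries both public IPs
LAN_IF=${LAN_IF:-eth1}            # users / exchange / vpn
DMZ_IF=${DMZ_IF:-eth2}            # web / mail server segment
PUB_LAN=${PUB_LAN:-203.0.113.10}  # public IP the users' traffic leaves from
PUB_SRV=${PUB_SRV:-203.0.113.11}  # public IP that maps to the server
LAN_NET=${LAN_NET:-192.168.1.0/24}
DMZ_NET=${DMZ_NET:-192.168.2.0/24}
SRV_IP=${SRV_IP:-192.168.2.10}

# Emit the complete ruleset in iptables-restore(8) format so it loads atomically
# instead of leaving a half-applied table if one command fails.
gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Public IP #2 -> server: only the published ports are translated
-A PREROUTING -i $WAN_IF -d $PUB_SRV -p tcp --dport 80 -j DNAT --to-destination $SRV_IP:80
-A PREROUTING -i $WAN_IF -d $PUB_SRV -p tcp --dport 443 -j DNAT --to-destination $SRV_IP:443
-A PREROUTING -i $WAN_IF -d $PUB_SRV -p tcp --dport 25 -j DNAT --to-destination $SRV_IP:25
# Users leave via public IP #1; the server's own outbound mail leaves via #2
# (so its source address matches the published MX / reverse DNS)
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $PUB_LAN
-A POSTROUTING -o $WAN_IF -s $DMZ_NET -j SNAT --to-source $PUB_SRV
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Manage the firewall from the LAN only, never from the DSL side
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Users may go out; the server segment may go out but never into the LAN
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -s $DMZ_NET -j ACCEPT
-A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP
# Only the DNAT'ed ports reach the server from outside (post-DNAT address)
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $SRV_IP -p tcp -m multiport --dports 80,443,25 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Self-check before applying: the number of inbound translations should equal
# the number of ports you meant to publish, nothing more.
count_dnat() { gen_rules | grep -c -- '-j DNAT'; }

apply_rules() {
    # Needs root, and both public addresses configured on $WAN_IF beforehand
    # (e.g. ip addr add $PUB_SRV/32 dev $WAN_IF) plus net.ipv4.ip_forward=1.
    gen_rules | iptables-restore
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     gen_rules ;;
esac
```

Run it with no arguments to review the generated ruleset, and with `apply` as
root to load it. The default-DROP FORWARD policy is what makes the two halves
independent: adding a second server means adding one DNAT line and extending
the `--dports` list, and nothing the server segment does can reach the users'
machines without an explicit rule.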

2008\01\07@142351 by Steven Howes

Something Cisco. Something in the 800 series is probably more than  
enough.

2008\01\07@154430 by James Newton

Sorry, I should have specified: No *nix based software solutions. There are
several reasons, including very (VERY) bad prior experiences with *nix on a
public IP but more than that, current management wants to ensure there is
someone we can sue if a "hacker gets in". Yes, I know... pointy hair. *sigh*


--
James.


2008\01\07@154518 by James Newton

Just realized I should have specified that these are STATIC IP addresses
from the DSL modem.



2008\01\07@162208 by M. Adam Davis

It sounds like the reason you want one firewall is to avoid another
point of failure.  It also sounds like you're trying to plug a
mid-range piece of networking equipment into low end equipment (DSL
modem, maybe a cheap switch/hub previously).

High end Sonicwall firewalls will do everything you want and more.  I
don't know about the particular model you are considering, though.

It's nice to decompose everything down into fewest points of failure,
but you're going to make the configuration of the single firewall very
complex - the type of setup you're describing is non-trivial, and the
configuration of a firewall to do everything you want (especially when
the two main jobs of the firewall are orthogonal) means that you are
merely trading one type of failure and complexity for another.  This
doesn't even touch the subject of whether you really should have your
firewall doing double duty as your router as well.

For instance, if the new sonic fails, both your website and internal access die.

As you are also under a budget, you might reconsider your previous
plan and simply replace your current setup with better equipment in
the same configuration.  In an office where I had to manage a few IPs
coming from a DSL modem, the modem itself had the switch built in so I
didn't need the switch/hub that failed in your setup, but I did have
to set up two separate firewall/routers, one with NAT for internal
operations, and one that opened a few ports for a server.  I did at
one point have it all going through a single firewall/nat/router
appliance, but traded it out for redundancy and ease of configuration
(Also I was leaving the company within a year of needing to
reconfigure the network, and didn't want them to have to hire an
expert just to maintain it).  When you get to the mid to high end in
networking, most companies (cisco, sonic, etc) want big bucks for
support - you really have to know their equipment or have a network
engineer come and do it for the complex situations.  So... you might
be better off choosing to go with mid-range stuff you know how to deal
with.

And, while this is unlikely in your case, keep in mind that some
friends/experts who offer free advice and help would rather tell you
something is not possible than tell you that it can work but they
aren't available to help.  If Sonic and several acquaintances say, "It
should work" and one trusted friend/expert says "it won't work" then
it sounds like you've got your work cut out for you.

Good luck!

-Adam


2008\01\07@164950 by James Newton

Your points are well taken, and I agree, but it is a matter of getting a
reasonably professional firewall (e.g. NOT another Linksys) within the
available budget. If I could, I would spend the company's money for two full
on firewalls and a switch with a DSL modem and a cable modem for
connectivity. But we still don't grow money trees here so...

The nice people at Sonicwall tell me that the TZ 180 has an "Add LAN SubNet"
option in the configuration that will exactly do what I need.

And I will keep the old Linksys boxes around as backup.

--
James.


2008\01\07@182749 by Andre Abelian

James,

Since I started using the TZ180 I get almost no spyware, viruses or internet problems,
but XP still once in a while needs to be formatted. I only restore the Windows section and
everything starts working fine. On one of my PCs I use Windows Server 2003; no
problem with it since I installed it about 2 years ago. As far as reliable OSes go, Mac, Windows 2003 and
Linux are the most reliable; for the rest, make sure you have a restoration disc,
otherwise you are going to have a nightmare fixing it.

Andre  




2008\01\08@184344 by Hector Martin

James Newton wrote:
> very (VERY) bad prior experiences with *nix on a public IP

If you give up due to bad prior experiences, you'll never learn how to
do things the right way. :) Also, *nix is very broad. There are tons of
different UNIX versions and clones.

--
Hector Martin (spamBeGonehectorspamBeGonespammarcansoft.com)
Public Key: http://www.marcansoft.com/marcan.asc

2008\01\08@211848 by Nate Duehr

James Newton wrote:
> Your points are well taken, and I agree, but it is a matter of getting a
> reasonably professional firewall (e.g. NOT another Linksys) within the
> available budget. If I could, I would spend the companies money for two full
> on firewalls and a switch with a DSL modem and a cable modem for
> connectivity. But we still don't grow money trees here so...
>
> The nice people at Sonicwall tell me that the TZ 180 has an "Add LAN SubNet"
> option in the configuration that will exactly do what I need.
>
> And I will keep the old Linksys boxes around as backup.

Any thoughts about simply moving all public-side servers to a
co-location facility and getting out of the "firewall" business
altogether?  A simple NAT can "protect" small office PCs from outside
attack, really.

It's all about your company's core competencies.  Are you in the
networking/firewall business?  If not, leave that to someone else and
focus on your work.

You shouldn't even have to run the public-side stuff at an office at
all, these days.

You're seeing where the breakpoint is -- professional firewalls are more
expensive than cheap SoHo stuff.

Virtual servers are cheap and perform well.  They're often in much
better physical environments than a small company can ever possibly
afford, and they come with at least a small team of additional "virtual
staff" who deal with the majority of their issues/problems.

Nate
