Doug Van

asked on

Considering Novell's BorderManager

Background info:
Currently own:
- Netware 5.0 (50 licenses)
- Exchange Server 5.5

I need a good firewall with VPN services.

I am considering an 'upgrade' to Netware for small business which will include Netware with 50 clients,
Bordermanager Firewall, Faxing and Groupwise.

Since this package also includes Groupwise... I also have the option of migrating and solving some long
outstanding problems with Exchange such as viruses, forms and workflow management (never very good in
Exchange), single instance stores and overall much better security (esp. over Internet).

My questions: Is this a sound idea? I'm basically (in a sense) downgrading; however, this company
does not expect to grow to 50 clients in the next 2 years (currently 28 clients and 40 computers/connections).

What are the potential pitfalls to this plan?
Any additional benefits to doing this (as I still have to
propose this plan to my CFO)?

My other alternative was to install ISA2000 (apx. same cost).  

I'll start the reward at 150pts but will offer more for really good, detailed answers.

Thank you.
(question repeated from Novell group)
chris_calabrese

BorderManager is a reasonably decent firewall (certainly at least as good as ISA - I personally wouldn't trust anything from MS further than I can spit), and GroupWise is at least halfway decent.

But.... It's probably a bad idea to run your firewall on the same machine as everything else.  You want an architecture that looks more like this:

--Internet--Firewall--Internal-Network

Or better yet

--Internet--Firewall--Internal-Network
              |
            Internet-visible systems

Where Internet visible stuff would include your e-mail server.

And... If you really want to be cost-conscious, don't use $$$ commercial software at all.

An OpenBSD system running IPf makes a great firewall.
And an OpenBSD, FreeBSD, or Linux system running Sendmail and SAMBA makes a great e-mail and file/print server.  No workflow management support, though, without some fancier add-on stuff.
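
The second layout above (Internet-visible systems on their own firewall leg), written as an IPFilter ruleset. This is an added example, not part of the original post; the interface names (ext0, dmz0, int0) and all addresses are assumptions chosen for illustration, and address translation for the internal network (ipnat) is not shown.

```conf
# /etc/ipf.rules -- constructed example for a three-legged firewall.
# Assumed names:  ext0 = Internet, dmz0 = Internet-visible systems,
#                 int0 = internal network
# Assumed hosts:  192.0.2.10 = mail server in the DMZ
#                 10.0.0.0/24 = internal network

# Default stance: nothing comes in unless a rule below allows it.
# Filtering is done on the inbound side of each interface; packets that
# were allowed in are allowed back out of whichever leg they leave by.
block in all
pass out all
pass in quick on lo0 all

# Anti-spoofing: internal or DMZ source addresses must never arrive
# from the Internet side.
block in quick on ext0 from 10.0.0.0/24 to any
block in quick on ext0 from 192.0.2.10/32 to any

# Internet -> DMZ: only SMTP to the mail server.
pass in quick on ext0 proto tcp from any to 192.0.2.10/32 port = 25 flags S keep state

# DMZ -> internal: never. A compromised Internet-visible host must not
# be able to open connections into the internal network.
block in quick on dmz0 from any to 10.0.0.0/24

# DMZ -> Internet: the mail server may deliver mail and resolve names.
pass in quick on dmz0 proto tcp from 192.0.2.10/32 to any port = 25 flags S keep state
pass in quick on dmz0 proto udp from 192.0.2.10/32 to any port = 53 keep state

# Internal -> DMZ and Internet: clients may open connections outward;
# replies are admitted by the state table, not by a standing rule.
pass in quick on int0 proto tcp from 10.0.0.0/24 to any flags S keep state
pass in quick on int0 proto udp from 10.0.0.0/24 to any keep state
pass in quick on int0 proto icmp from 10.0.0.0/24 to any keep state
```
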
We looked into BorderManager for a while. In the end, we went with Cisco Pix firewalls.

Several reasons for this, some of which are:

- BorderManager REQUIRES a Novell Server to run. This is expensive to properly set up a box just for this.
- BorderManager is SOFTWARE, and like any software, can be hacked/crashed much easier than hardware - especially if the Novell box that it's installed on is not secure enough.
- BorderManager REQUIRES a Novell network to run. If you ever even consider moving away from Novell, you'll have to purchase a brand new firewall.
- If you want redundant firewalls (in case one does go down) you have to buy 2 boxes, and 2 copies of BorderManager. With the Cisco Pix, the 2nd redundant firewall is always included.
ASKER CERTIFIED SOLUTION
DVNT1

I wouldn't touch a software firewall if I could help it.  However, I would look into the possibility of investing in a hardware appliance firewall - nothing too flash and still using Border Manager as an HTTP and application Proxy.

This would make it easier to configure outbound access as it could be done on a NDS object basis.  Your network would be much more secure as you would have an additional layer in front of your Proxy server and access would be assigned to just the one machine.

Any decent hardware appliance firewall will be much quicker to configure, more secure and easier to replace than a firewall application running on a server.
Doug Van

ASKER

Thanks for your answers everyone!