iyiola
asked on
Which firewall?
I'm looking for a hardware firewall for windows 2003 server. budget: $4000
The firewall should not have limitation on the number of concurrent users or rather should be able to stand numerous connections as client anticipate huge concurrent users. About 20,000 concurrent users
Can we buy used firewall? How do we know the firewall is good?
Any help will be appreciated
The firewall should not have limitation on the number of concurrent users or rather should be able to stand numerous connections as client anticipate huge concurrent users. About 20,000 concurrent users
Can we buy used firewall? How do we know the firewall is good?
Any help will be appreciated
ASKER
Hi LucF,
What is PIX?
I 'm clueless when it comes to hardware firewall. You could sell me a box I'll take it.
What is PIX?
I 'm clueless when it comes to hardware firewall. You could sell me a box I'll take it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
20,000 concurrent connections to a W2K server ??
You mean HTTP connections ?
That's a hell of a lot.. ! Are your W2K servers clustered ?
A firewall is NOT the be all and end all to securing your server. You need a patch management process to ensure it's always up to date, plus you need to configure your firewall to only allow HTTP to this internal server.
A PIX 515 would be adequate for this sort of environment, or preferably two.
I would also seriously consider units that have load balancing AND firewallng built in, so you can have 2 or 3 W2K servers behind the firewall all being load balanced behind a single IP address, served by a redundant pair of load balancers.
You can buy a used Cisco PIX and buy a special license for it to bring it up to level in support terms if you like ?
We need more information about your overall business goals here...
Also, how about a firewall / load balancing device that also offers you IPS ? eg - Check Point SmartDefense, Netscreen Deep Inpection ?
You mean HTTP connections ?
That's a hell of a lot.. ! Are your W2K servers clustered ?
A firewall is NOT the be all and end all to securing your server. You need a patch management process to ensure it's always up to date, plus you need to configure your firewall to only allow HTTP to this internal server.
A PIX 515 would be adequate for this sort of environment, or preferably two.
I would also seriously consider units that have load balancing AND firewallng built in, so you can have 2 or 3 W2K servers behind the firewall all being load balanced behind a single IP address, served by a redundant pair of load balancers.
You can buy a used Cisco PIX and buy a special license for it to bring it up to level in support terms if you like ?
We need more information about your overall business goals here...
Also, how about a firewall / load balancing device that also offers you IPS ? eg - Check Point SmartDefense, Netscreen Deep Inpection ?
ASKER
Thanks to LucF and tim holman
From your advise, the preferred option would be PIX 515.
Tim raised a question
>Also, how about a firewall / load balancing device that also offers you IPS ? eg - Check Point >SmartDefense, Netscreen Deep Inpection
So if we buy one of the above Check Point etc...., we may not need to add more servers for load balancing?
I'm confused here.
Currently, the client has 2 servers DELL POWER EDGE 6350 INTEL XEON 111 4 GIM RAM, for SQL server and SAME for the application.
Are these two enough for 20,000 concurrent HTTP connections daily?
I will appreciate your input on this
Thanks
From your advise, the preferred option would be PIX 515.
Tim raised a question
>Also, how about a firewall / load balancing device that also offers you IPS ? eg - Check Point >SmartDefense, Netscreen Deep Inpection
So if we buy one of the above Check Point etc...., we may not need to add more servers for load balancing?
I'm confused here.
Currently, the client has 2 servers DELL POWER EDGE 6350 INTEL XEON 111 4 GIM RAM, for SQL server and SAME for the application.
Are these two enough for 20,000 concurrent HTTP connections daily?
I will appreciate your input on this
Thanks
If the application is crucial, then you should have 2 web servers, and 2 SQL servers to cope with any downtime. You would then load balance the web servers, so they were visible as one IP address on the Internet.
Is this where you want to go ??
If not, then how much security do you need ? Do you need 2 firewalls for redundancy as well ?
Do you just want a firewall that allows port 80 into your web server ? If so, more or less ANY firewall should suffice as this is a simple scenario and all firewalls provide basic HTTP server protection.
PATCH MANAGEMENT is CRUCIAL regardless !
Is this where you want to go ??
If not, then how much security do you need ? Do you need 2 firewalls for redundancy as well ?
Do you just want a firewall that allows port 80 into your web server ? If so, more or less ANY firewall should suffice as this is a simple scenario and all firewalls provide basic HTTP server protection.
PATCH MANAGEMENT is CRUCIAL regardless !
ASKER
Thanks Tim,
The client would like to load balance after about 3 months in operation. I would recommend PIX 515 firewall. The need for a firewall is to provide additional security against hackers. Yes the PATH management is uptodate.
How much of an effort is it to load balance 2 servers?
What should we expect from an expert in terms of cost to do this assuming we have all the hardwar ready?
The client would like to load balance after about 3 months in operation. I would recommend PIX 515 firewall. The need for a firewall is to provide additional security against hackers. Yes the PATH management is uptodate.
How much of an effort is it to load balance 2 servers?
What should we expect from an expert in terms of cost to do this assuming we have all the hardwar ready?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Tim,
I have awarded 100 points to you. and 25 to LucF
Thanks for the suggestions
I have awarded 100 points to you. and 25 to LucF
Thanks for the suggestions
With a budget of $4000, think at least PIX!
Greetings,
LucF