Solved

Network design

Posted on 2004-09-14
Last Modified: 2013-12-03
Hello, we are going to connect 3 different networks, one department in Sotra, one in Bergen and one in Oslo.
The idea is that the sites in Bergen and Oslo are going to clock in at the Sotra site. They also have to use the accounting program that is located in the Sotra site.

There are 30 users in the Sotra site, 10 in Oslo and 5 in Bergen.
There are servers in all the sites: 2003 in Sotra and NT 4.0 in Oslo and Bergen. They are not connected at all.
ADSL is already set up at all 3 sites.

We are considering a VPN solution and setting up terminal services over VPN, and we are also considering connecting the sites permanently.

What would be the best solution so that it meets the needs of the company?

Cisco or Netscreen? Which firewalls or routers would be right for this company and solutions?

Thanks a lot.
 
0
Question by:daxa78
 
LVL 15

Accepted Solution

by:
Yan_west earned 1500 total points
ID: 12054961
I always preferred Cisco solutions.. It is expensive, but the support is great, and you cannot go wrong with the quality..

I would install some PIX 506E at the 3 sites considering the number of users you have... Do you plan to have more sites, or maybe have more users in a site? In any case.. if you plan to have a central site that will get bigger, and want additional interfaces on your firewall.. I would then go for a PIX 515 at the central location.

Pix 506e: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps4336/index.html
Pix 515e : http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps4094/index.html

You would make a permanent tunnel between all locations and the central one, and access through terminal services.. This works great btw, that is what we are doing here.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12055005
If you do that btw.. be sure to have good security at each site. Each additional connected site is an additional danger for you. So you have to have a centralized antivirus solution everywhere, and be sure to configure your ACL very carefully. Only allow connections on ports that are needed..
0
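The "only allow connections on ports that are needed" advice above, as an added example that is not part of the original thread: a Python check that reads PIX-style access-list lines and flags any permit rule wider than "remote-site subnet to the terminal server on TCP 3389". The ACL name, the subnets and the server address are constructed for illustration.

```python
import ipaddress

RDP_PORT = "3389"                 # default Terminal Services / Remote Desktop port
TERMINAL_SERVER = "10.1.0.10"     # constructed address of the Sotra terminal server

# Constructed sample ACL in PIX-style syntax (addresses use netmasks, not wildcards).
SAMPLE_ACL = """\
access-list vpn_in permit tcp 10.2.0.0 255.255.255.0 host 10.1.0.10 eq 3389
access-list vpn_in permit tcp 10.3.0.0 255.255.255.0 host 10.1.0.10 eq 3389
access-list vpn_in permit ip 10.3.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list vpn_in permit tcp any host 10.1.0.10 eq 3389
access-list vpn_in permit tcp 10.2.0.0 255.255.255.0 host 10.1.0.10
access-list vpn_in deny ip any any
"""

def _take_addr(tokens):
    """Consume 'any' | 'host A' | 'A MASK'; return an ip_network, or None for 'any'."""
    first = tokens.pop(0)
    if first == "any":
        return None
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def audit(acl_text):
    """Return (line_number, reason) for each permit rule broader than spoke -> server RDP."""
    findings = []
    for n, line in enumerate(acl_text.splitlines(), 1):
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] != "permit":
            continue              # deny rules and non-ACL lines cannot widen access
        proto, rest = tokens[3], tokens[4:]
        src, dst = _take_addr(rest), _take_addr(rest)
        port = rest[1] if len(rest) >= 2 and rest[0] == "eq" else None
        if proto != "tcp":
            findings.append((n, f"protocol '{proto}' permitted, expected tcp only"))
        elif src is None:
            findings.append((n, "source is 'any'"))
        elif dst is None or str(dst) != TERMINAL_SERVER + "/32":
            findings.append((n, "destination is wider than the terminal server"))
        elif port != RDP_PORT:
            findings.append((n, "no port restriction, or a port other than 3389"))
    return findings

if __name__ == "__main__":
    for n, reason in audit(SAMPLE_ACL):
        print(f"line {n}: {reason}")
```
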
 
LVL 15

Expert Comment

by:Yan_west
ID: 12055017
0
 
LVL 1

Author Comment

by:daxa78
ID: 12057369
What would be the equivalent netscreen model to the cisco pix? And how is it compared to the pix? Ease of setup and so on.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12057528
If you are using the graphical interface to set up both, I think they are about the same.. You also have the possibility to configure the PIX via telnet, with a command prompt type language.. More difficult, but you can do more with it.. and it's more powerful.

Hmm the Netscreen equivalent would be one of these:
http://www.juniper.net/products/glance/nscn_5.html probably the XT elite version.. never used their product, so I cannot tell you for sure..

The 515 would be this product. (again, not sure.. probably the 50, but better)
http://www.juniper.net/products/glance/nscn_25_50.html

Like I said, if you want quality, go with Cisco.. It may seem more complicated at 1st, but in the long term, you'll be the winner.
0
 
LVL 1

Author Comment

by:daxa78
ID: 12061927
So Cisco products have a higher quality than Netscreen?
More secure and so on?
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12062619
Also look at SSL (Clientless) VPNs.  These give you the ability to deliver your Terminal Services program via Java over an HTTPS page that can be accessible worldwide (or parts of the world, if you block out certain networks).  
This would not require any VPN hardware at the remote sites - just a central VPN server in your office.  Look at Citrix N-Fuse, Tarantella, Netilla, Whale for this sort of thing.  Also Cisco VPN Concentrators and Check Point can do this, but cost more.
Cisco and Netscreen quality are more or less the same, but Netscreen is better value. Fortinet is even better value...
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12064285
Yes, Fortinet is an awesome product.... Their product contains a virus wall that scans everything that comes in and out.. in addition to the firewall and VPN capabilities.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12064300
0
 
LVL 1

Author Comment

by:daxa78
ID: 12073105
Why would we need 3 506? Would it not be enough to have 2 501 PIXes (10 users at the remote offices)?

The idea is that they are going to use remote desktop and terminal services to access the Sotra site. (There will be a maximum of 5 concurrent users.)

The Sotra site has a 2048/512 mb ADSL line and the other offices have a 1 mb ADSL line.

How would this solution work? The communication between the 506 and the 501 would not be a problem, right?
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12074185
Don't you have 3 offices??.. Yes, you could also install 2 501.. it would work out.. I was only suggesting the 506E for future expansion.. All PIX firewalls can connect between themselves with no problem at all...

0
