Network design

Hello, we are going to connect 3 different networks: one department in Sotra, one in Bergen and one in Oslo.
The idea is that the sites in Bergen and Oslo are going to clock in at the Sotra site. They also have to use the accounting program that is located at the Sotra site.

There are 30 users at the Sotra site, 10 in Oslo and 5 in Bergen.
There are servers at all the sites: 2003 in Sotra and NT 4.0 in Oslo and Bergen. They are not connected at all.
ADSL is already set up at all 3 sites.

We are considering a VPN solution and setting up terminal services over VPN, and we are also considering connecting the sites permanently.

What would be the best solution so that it meets the needs of the company?

Cisco or Netscreen? Which firewalls or routers would be right for this company and solutions?

Thanks a lot.

daxa78 Asked:

Yan_west Commented:
I always preferred Cisco solutions.. It is expensive, but the support is great, and you cannot go wrong with the quality..

I would install some PIX 506E at the 3 sites considering the number of users you have... Do you plan to have more sites, or maybe have more users in a site? In any case.. if you plan to have a central site that will get bigger, and want additional interfaces on your firewall.. I would then go for a PIX 515 at the central location.

PIX 506E: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps4336/index.html
PIX 515E: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps4094/index.html

You would make a permanent tunnel between all locations and the central one, and access through terminal services.. This works great btw, that is what we are doing here.

Yan_west Commented:
If you do that btw.. be sure to have good security at each site. Each additional connected site is an additional danger for you. So you have to have a centralized antivirus solution everywhere, and be sure to configure your ACL very carefully. Only allow connections on ports that are needed..
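
An added example, not part of the original posts: one way to check that the rules for branch-to-Sotra traffic allow only the ports that are needed. The policy (only Terminal Services on TCP 3389 to one terminal server), the ACL name `vpn_in`, the addresses and the sample lines are all constructed assumptions, written in PIX-style `access-list` syntax.

```python
import ipaddress

# Assumed policy (not from the thread): branch LANs may reach only the
# Sotra terminal server, and only on TCP 3389 (Terminal Services / RDP).
TERMINAL_SERVER = ipaddress.ip_address("192.168.1.10")  # constructed address
ALLOWED_PORTS = {3389}

# Constructed sample rules in PIX-style "access-list" syntax.
SAMPLE_ACL = """\
access-list vpn_in permit tcp 192.168.2.0 255.255.255.0 host 192.168.1.10 eq 3389
access-list vpn_in permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list vpn_in permit tcp any host 192.168.1.10 eq 3389
access-list vpn_in permit tcp 192.168.3.0 255.255.255.0 host 192.168.1.10 eq 445
access-list vpn_in deny ip any any
"""

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'NET MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return None
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def audit(acl_text):
    """Return (line_no, reason) for every permit rule wider than the policy."""
    findings = []
    for no, line in enumerate(acl_text.splitlines(), 1):
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[2] != "permit":
            continue  # deny rules and unrelated lines cannot widen access
        proto, rest = tokens[3], tokens[4:]
        src, dst = take_addr(rest), take_addr(rest)
        if src is None:
            findings.append((no, "source is 'any'"))
        if proto != "tcp":
            findings.append((no, f"protocol '{proto}' instead of tcp"))
        if dst is None or dst.num_addresses != 1 or dst.network_address != TERMINAL_SERVER:
            findings.append((no, "destination is wider than the terminal server"))
        if proto == "tcp":
            is_eq = len(rest) >= 2 and rest[0] == "eq" and rest[1].isdigit()
            port = int(rest[1]) if is_eq else None
            if port not in ALLOWED_PORTS:
                findings.append((no, f"port {port} is not in the allowed set"))
    return findings

if __name__ == "__main__":
    for no, reason in audit(SAMPLE_ACL):
        print(f"line {no}: {reason}")
```
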
 
daxa78 (Author) Commented:
What would be the equivalent Netscreen model to the Cisco PIX? And how does it compare to the PIX? Ease of setup and so on.

Yan_west Commented:
If you are using the graphical interface to set up both, I think they are about the same.. You also have the possibility to configure the PIX via telnet, with a command-prompt type language.. More difficult, but you can do more with it.. and it's more powerful.

Hmm, the Netscreen equivalent would be one of these:
http://www.juniper.net/products/glance/nscn_5.html probably the XT elite version.. never used their product, so I cannot tell you for sure..

The 515 would be this product. (again, not sure.. probably the 50, but better)
http://www.juniper.net/products/glance/nscn_25_50.html

Like I said, if you want quality, go with Cisco.. It may seem more complicated at 1st, but in the long term, you'll be the winner.

daxa78 (Author) Commented:
So Cisco products have a higher quality than Netscreen?
More secure and so on?

Tim Holman Commented:
Also look at SSL (Clientless) VPNs. These give you the ability to deliver your Terminal Services program via Java over an HTTPS page that can be accessible worldwide (or parts of the world, if you block out certain networks).
This would not require any VPN hardware at the remote sites - just a central VPN server in your office. Look at Citrix N-Fuse, Tarantella, Netilla, Whale for this sort of thing. Also Cisco VPN Concentrators and Check Point can do this, but cost more.
Cisco and Netscreen quality are more or less the same, but Netscreen is better value. Fortinet is even better value...

Yan_west Commented:
Yes, Fortinet is an awesome product.... Their product contains a virus wall that scans everything that comes in and out.. in addition to the firewall and VPN capabilities.

daxa78 (Author) Commented:
Why would we need 3 506? Would it not be enough to have 2 501 PIXes 10 users at the remote offices?

The idea is that they are going to use remote desktop and terminal services, to access the sotra site. (there will be a maximum of 5 concurrent users)

The Sotra site has a 2048/512 mb ADSL line and the other offices have a 1 mb ADSL line.

How would this solution work? The communication between the 506 and the 501 would not be a problem, right?

Yan_west Commented:
Don't you have 3 offices??.. Yes, you could also install 2 501.. it would work out.. I was only suggesting the 506E for future expansion.. All PIX firewalls can connect between themselves with no problem at all...

Question has a verified solution.