daxa78
asked on
Network design
Hello, we are going to connect 3 diffrent networks, one department in sotra, one i bergen and one in oslo.
The idea is that the sites in bergen and oslo is going to clock in at the sotra site. They also have to use the accounting program that is located in the sotra site.
There are 30 users in the sotra site, 10 in oslo and 5 i bergen.
There are servers in all the sites 2003 in sotra and nt 4.0 in oslo and bergen. They are not connected at all.
There are already set up adsl at all 3 sites.
We are considering a VPN soultion and setting up terminal services over VPN, and we are also considering connecting the sites permanently.
What would be the best solution so that is meets the needs of the company?
Cisco or Netscreen ? Which firewalls or routers would be right for this company and soulutions?
Thanks a lot.
The idea is that the sites in bergen and oslo is going to clock in at the sotra site. They also have to use the accounting program that is located in the sotra site.
There are 30 users in the sotra site, 10 in oslo and 5 i bergen.
There are servers in all the sites 2003 in sotra and nt 4.0 in oslo and bergen. They are not connected at all.
There are already set up adsl at all 3 sites.
We are considering a VPN soultion and setting up terminal services over VPN, and we are also considering connecting the sites permanently.
What would be the best solution so that is meets the needs of the company?
Cisco or Netscreen ? Which firewalls or routers would be right for this company and soulutions?
Thanks a lot.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you do that btw.. be sure to have Good security at each site. Each additional connected site is an additional danger for you. So you have to have a centralized antivirus solution everywhere, and be sure to configure your ACL very carefully. Only allow connection on ports that are needed..
Site-to-Site VPN Configuration Examples for PIX Firewalls.
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb0b4.html
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb0b4.html
ASKER
What would be the equivalent netscreen model to the cisco pix? And how is it compared to the pix? Ease of setup and so on.
If you are using the graphical interface to setup both, I think they are about the same.. You also have the possibility to configure the PIX via telnet, with a command prompt type language.. More difficult, but you can do more with it.. and it's more powerfull.
Hmm the netscreen equivalent would be one of these:
http://www.juniper.net/products/glance/nscn_5.html probably the XT elite version.. never used their product, So i cannot tell you for sure..
The 515 would be this product. (again, not sure.. probably the 50, but better)
http://www.juniper.net/products/glance/nscn_25_50.html
Like I said, if you want quality, go with cisco.. It may seem more complicated at 1st, but in the long term, you'll be the winner.
Hmm the netscreen equivalent would be one of these:
http://www.juniper.net/products/glance/nscn_5.html probably the XT elite version.. never used their product, So i cannot tell you for sure..
The 515 would be this product. (again, not sure.. probably the 50, but better)
http://www.juniper.net/products/glance/nscn_25_50.html
Like I said, if you want quality, go with cisco.. It may seem more complicated at 1st, but in the long term, you'll be the winner.
ASKER
So Cisco products has a higher quality than Netscreen ?
More secure and so on?
More secure and so on?
Also look at SSL (Clientless) VPNs. These give you the ability to deliver your Terminal Services program via Java over an HTTPS page that can be accessible worldwide (or parts of the world, if you block out certain networks).
This would not require any VPN hardware at the remote sites - just a central VPN server in your office. Look at Citrix N-Fuse, Tarantella, Netilla, Whale for this sort of thing. Also Cisco VPN Concentrators and Check Point can do this, but cost more.
Cisco and Netscreen quality are more or less the same, but Netscreen is better value. Fortinet is even more better value...
This would not require any VPN hardware at the remote sites - just a central VPN server in your office. Look at Citrix N-Fuse, Tarantella, Netilla, Whale for this sort of thing. Also Cisco VPN Concentrators and Check Point can do this, but cost more.
Cisco and Netscreen quality are more or less the same, but Netscreen is better value. Fortinet is even more better value...
Yes, fortinet is an awesome product.... Their product contain a Virus wall that scans everything that comes in and out.. in addition to the firewall and VPN Capabilities.
ASKER
Why would we need 3 506 ? Would it not be enough to have 2 501 pixes 10 users at the remote offices?
The idea is that they are going to use remote desktop and terminal services, to access the sotra site. (there will be a maximum of 5 concurrent users)
The Sotra site has a 2048/512 mb adsl line and the other offices has 1 mb adsl line.
How would this solution work? The communication between the 506 and the 501 would not be a problem right?
The idea is that they are going to use remote desktop and terminal services, to access the sotra site. (there will be a maximum of 5 concurrent users)
The Sotra site has a 2048/512 mb adsl line and the other offices has 1 mb adsl line.
How would this solution work? The communication between the 506 and the 501 would not be a problem right?
Don't you have 3 offices??.. Yes, you could also install 2 501.. it would work out.. I was only suggesting the 506e for future expension.. All pix firewall can connect between themselves with no problem at all...