simplyamazing
asked on
can someone recommend a firewall for use in a colocation setting?
Hi all,
I am looking for a firewall for use in a colocation setting.
There are 3 servers:
1 webserver with 16 websites (all w/FTP sites), each with a separate IP address for SSL.
Needs ports 21,80,8080,8383,443 open and 3389 (remote desktop)
1 SQL server
Needs port 1433 open and 3389 (remote desktop)
1 mail/backup server
Needs to allow SMTP,POP3 & remote desktop as well as an HTTP/HTTPS port open for web-based mgmt.
My problem is that it seems most firewall solutions work only via NAT or multiNAT which is not necessary and just adds a significant amount of overhead (some of these websites can have hundreds of users simultaneously) and they also make you pay for features you don't need such as VPN and content filtering (mostly the SOHO types).
I would rather use my public IP addresses with no routing, just the ability to close/open ports and block offending WAN IPs if need be. SPI, DoS detection/prevention, logging and email notification would be the bare minimum I need.
It has to handle about 200 simultaneous WAN users (outside in) and 32 IP addresses and cost less than $800 if possible.
Any suggestions?
Cisco router with a firewall feature set.
Either ahoffmann's or tim_holman's suggestions can work.
Might also want to look at the smaller CheckPoint Sofaware and Netscreen's while you're at it too.
But I caution against not using VPN for the administration.
All the solutions mentioned above support this, however.
Oh, yeah - might want to make it an old Pentium-class system if you're running a VPN on Linux rather than a 486...
And many people think OpenBSD easier to deal with as a firewall than Linux.
But the concepts are all about the same.
Are you still looking for information? Can you close out this question?
Here's a guide to closing questions:
https://www.experts-exchange.com/help.jsp#hs7
Thanks!
well, probably it is a good idea to add one or two more NICs first: ca. $10