Solved

Can someone recommend a firewall for use in a colocation setting?

Posted on 2004-09-14
Last Modified: 2013-11-16
Hi all,

I am looking for a firewall for use in a colocation setting.
There are 3 servers:  
1 webserver with 16 websites (all w/FTP sites), each with a separate IP address for SSL.
     Needs ports 21,80,8080,8383,443 open and 3389 (remote desktop)
1 SQL server
    Needs port 1433 open and 3389 (remote desktop)
1 mail/backup server
    Needs to allow SMTP,POP3 & remote desktop  as well as an HTTP/HTTPS port open for web-based mgmt.

My problem is that it seems most firewall solutions work only via NAT or multiNAT which is not necessary and just adds a significant amount of overhead (some of these websites can have hundreds of users simultaneously) and they also make you pay for features you don't need such as VPN and content filtering (mostly the SOHO types).

I would rather use my public IP addresses with no routing, just the ability to close/open ports and block offending WAN IPs if need be.  SPI, DoS detection/prevention, logging and email notification would be the bare minimum I need.
It has to handle about 200 simultaneous WAN users (outside in) and 32 IP addresses and cost less than $800 if possible.

Any suggestions?


Question by:simplyamazing
6 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12061920
Get an old i486, P1, or P2 from your trash corner, install Linux and set up iptables. Costs: 0.0$$$$
Well, probably it is a good idea to add one or two more NICs first: ca. $10
0
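One way to express the question's port list as a stateful, no-NAT iptables policy of the kind ahoffmann suggests (an added example, not code from any poster in this thread). The addresses, interface name, admin range and management port are constructed assumptions, and ports 1433, 3389 and the management port are limited to that admin range rather than opened to every WAN address; it also assumes the Linux box routes or bridges the public addresses.

```shell
#!/bin/sh
# Constructed values (RFC 5737 documentation ranges), not taken from the thread.
WEB_NET="203.0.113.16/28"        # the web server's 16 site addresses
SQL_IP="203.0.113.2"
MAIL_IP="203.0.113.3"
LAN_IF="eth1"                    # assumption: NIC facing the three servers
ADMIN_NET="198.51.100.0/24"      # assumption: where administrators connect from
MGMT_PORT="8443"                 # placeholder: the thread names no management port
BLOCKED="192.0.2.66 192.0.2.99"  # sample offending WAN addresses

# Print a filter-only ruleset in iptables-restore format (no *nat table at all).
emit_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Offending sources are dropped before any state or service rule can match.
    for ip in $BLOCKED; do
        echo "-A FORWARD -s $ip -j DROP"
    done
    # Stateful core. RELATED covers FTP data channels only when the conntrack
    # FTP helper is loaded and assigned to port 21.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -m conntrack --ctstate INVALID -j DROP"
    echo "-A FORWARD -i $LAN_IF -m conntrack --ctstate NEW -j ACCEPT"
    # Public services from the question.
    echo "-A FORWARD -d $WEB_NET -p tcp -m multiport --dports 21,80,8080,8383,443 -m conntrack --ctstate NEW -j ACCEPT"
    echo "-A FORWARD -d $MAIL_IP -p tcp -m multiport --dports 25,110 -m conntrack --ctstate NEW -j ACCEPT"
    # Administrative ports: admin range only (assumption, see lead-in).
    echo "-A FORWARD -s $ADMIN_NET -d $SQL_IP -p tcp --dport 1433 -m conntrack --ctstate NEW -j ACCEPT"
    echo "-A FORWARD -s $ADMIN_NET -d $MAIL_IP -p tcp --dport $MGMT_PORT -m conntrack --ctstate NEW -j ACCEPT"
    for host in $WEB_NET $SQL_IP $MAIL_IP; do
        echo "-A FORWARD -s $ADMIN_NET -d $host -p tcp --dport 3389 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log what falls through to the DROP policy, rate-limited.
    echo "-A FORWARD -m limit --limit 5/min -j LOG --log-prefix \"colo-drop: \""
    echo "COMMIT"
}

# Print the ruleset for review; as root it can be piped to iptables-restore.
emit_rules
```

Running `emit_rules | iptables-restore --test` as root parses the ruleset without committing it.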
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12062648
Cisco router with a firewall feature set.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 12067678
Either ahoffmann's or tim_holman's suggestions can work.
Might also want to look at the smaller CheckPoint Sofaware and Netscreen's while you're at it too.

But I caution against not using VPN for the administration.
All the solutions mentioned above support this, however.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 12067699
Oh, yeah - might want to make it an old Pentium-class system if you're running a VPN on Linux rather than a 486...

And many people think OpenBSD easier to deal with as a firewall than Linux.

But the concepts are all about the same.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1500 total points
ID: 12068889

Great link:
http://www.infoworld.com/store/redfileoffer001.html?CMP=EMC-RF001

Bottom line: Know your budget, know what you need to protect (value), and how much you need to spend to protect it. Know your own skill sets and your staff's skill sets and steer toward the products that work within those skills.

All of the product lines do basically the same thing, just a little differently and with a different underlying OS. Some products add multiple capabilities (AV, web filtering, email filtering, etc). My personal opinion is to use the best point product. I think that the Cisco PIX is the best firewall. It does not even try to be all things like AV filter, etc. It does add VPN capability (very handy) for no extra cost.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12105745
Are you still looking for information? Can you close out this question?

Here's a guide to closing questions:
http://www.experts-exchange.com/help.jsp#hs7

Thanks!
0
