  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4572

Watchguard Firebox II, 700 or 1000

I have a Windows 2000 webserver located in a datacentre and I want to protect it with a WatchGuard firewall. Why WatchGuard? Well, used items are available on eBay quite cheap and they seem to get good reviews. However, I just wanted to check with the experts:

I have 64 public IPs on my server; most of my database-driven sites are on a single IP address each, but some of the very basic sites use a single IP and host headers.

I don't want to get into reconfiguring the server to use NAT and port forwarding; I just want to install the Firebox appliance between the server and the gateway, block all ports on all the public IPs, and allow the following:

Win2KDNS PORT: 53(?)
HTTP PORT: 80
FTP PORT: 21
SMTP PORT: 25
POP3 PORT: 110
DANTZ RETROSPECT PORT: 497
PCAnywhere 10.0 PORTS: 5631 - 5632 (?)

Questions:
1. Is it easy to configure one of these things to do the above? And does anyone have any examples?
2. Does anyone have the software? As far as I've read, these things use proprietary software to configure them, and most of the items I'm looking at on eBay have lost their CDs and documentation. I called WatchGuard but they won't let you download it unless you purchase a support contract, which is a bit mean in my opinion.
3. Which item would be best suited to my needs: the II, 700 or 1000?

regards,

martin


Asked:
stellamartois
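
An added example (not part of the original question, and not WatchGuard software): a Python check that compares a server's `netstat -an` output with the allow list above, showing which listening services a block-everything-else policy would hide from the internet and which allow rules have no service behind them. The TCP/UDP split per port and the sample output are assumptions constructed for illustration.

```python
import re
# Allow list from the question. The post gives port numbers only; the
# TCP/UDP split per port is an assumption of this example.
ALLOWED = {
    ("TCP", 53), ("UDP", 53),      # Win2K DNS
    ("TCP", 21), ("TCP", 80),      # FTP control channel, HTTP
    ("TCP", 25), ("TCP", 110),     # SMTP, POP3
    ("TCP", 497), ("UDP", 497),    # Dantz Retrospect
    ("TCP", 5631), ("UDP", 5632),  # pcAnywhere 10.0
}

# Constructed `netstat -an` sample (documentation addresses, not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5631           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:51234     ESTABLISHED
  UDP    0.0.0.0:53             *:*
  UDP    0.0.0.0:5632           *:*
  UDP    192.0.2.10:137         *:*
"""

# Protocol, local port, and (for TCP) the connection state of one row.
ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+\s*(\S*)\s*$")

def listening_sockets(netstat_text):
    """Return {(proto, port)} for TCP listeners and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and (m.group(1) == "UDP" or m.group(3) == "LISTENING"):
            found.add((m.group(1), int(m.group(2))))
    return found

def audit(netstat_text, allowed=ALLOWED):
    """Return (listeners the policy would block, allow rules with no listener)."""
    listening = listening_sockets(netstat_text)
    return sorted(listening - allowed), sorted(allowed - listening)

if __name__ == "__main__":
    blocked, unused = audit(SAMPLE_NETSTAT)
    print("blocked from the internet:", blocked)
    print("allow rules with no listener:", unused)
```

FTP data connections use ports other than 21 and are not modelled here.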
1 Solution
 
shahrialCommented:
Dear martin,

I am currently using WatchGuard Fireboxes and all 3 models (II, 700, 1000) are in use.
The Firebox II is deployed at our branch office, the 700 at our overseas manufacturing plant and the 1000 is in use at our site, supporting box-to-box VPN connection.
The important thing about the WatchGuard Firebox System is the software version. Ensure that you get the high encryption version.

1.) Yes, it is easy, you can configure it in a routed or a pass-through mode. For your case, in pass-through mode.
2.) Yes, as mentioned above, the WatchGuard Firebox Control Center. All configs, logging and monitoring are thru' its custom interface (which is quite cool, imho).
3.) The Firebox II (imho) is obsolete. For your configuration, the 700 should do fine.

To be fair, I can assist you with the documentation. As for the software, I can assist, but I need proof that you are the owner of the box (and not someone who is trying to gain access to it). Should you encounter problems configuring it, I can assist you here... ;-)
 
stellamartoisAuthor Commented:
Hi Shahrial,

Thanks for the advice, I really appreciate it. I've emailed some further details to shahrial@hotmail.com regarding the appliance I intend to purchase.

I don't think I will be using the VPN capabilities, at least not yet; the appliance's main function will be to act as a firewall for my co-located webserver. That said, for future reference, it may be useful to add a second Firebox in my office to act as a firewall for office internet traffic and box-to-box VPN to the co-located webserver.

I will increase the points to 1000 if you can help me with points 1 & 2.

One other question I forgot to ask: do I need to do some sort of transfer of ownership if I buy a second-hand appliance, and is there a cost implication in this? I noticed details on WatchGuard's website regarding this but it was unclear. I called their US office but they left me on hold for 25 minutes before I finally gave up (no fun when calling from the UK!).

That said, the reviews I've read seem great and, let's face it, it looks cool too ;-)

Again, thanks for any help you can offer,