Solved

Firewall installation for new servers setup.

Posted on 2006-11-13
Last Modified: 2013-11-16
I'm looking for the best way to protect a brand new server installation.
I'll have 2 web and email servers (Windows or Linux; I have not yet decided).
One Blackberry BES 4.1 server, one Exchange 2003 server and one SQL 2005 server.
And last but not least, one server that will act as a backup server with Blackberry BES 4.1,
Exchange 2003 and SQL 2005.
All this will be hosted on a fiber 100 Mb ISP.

I'd like to know what kind of firewall to use and whether the servers will have Internet IPs or private IPs.
Any suggestions about hardware and software will be appreciated.
Question by:reseautica
7 Comments
 
LVL 3

Accepted Solution

by:
bugsaif earned 250 total points
ID: 17936074
If you're looking to save some money (doesn't appear to be the case) and still want a decent firewall, you might want to look into:
Link - http://www.smoothwall.org/ - Linux based firewall

On the other hand, see if you can get your hands on a couple of Cisco PIX 515Es; 525s would be even better, but a bit overkill for your requirements.
Link - http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ - The industry standard

And no, the servers don't NEED to have public addresses; they can if you want to give them public addresses. What you'll want to do is set up the servers on an internal LAN with private addresses, then get an appropriately long public subnet from your ISP and have the PIX or whatever firewall you choose NAT it to the servers on the inside.

Configuration guides are available all over the web... just google for them or you can ask for help here...

Saif
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17936241
Protection from what to what?
What traffic will you be allowing inbound?
0
 

Author Comment

by:reseautica
ID: 17937615
Thanks "bugsaif" for the answer.

Can you explain a bit more on your answer "get an appropriately long public subnet from your ISP and then have the PIX or whatever firewall you choose NAT it to the servers on the inside". Maybe direct me to some good website for details.

Here is more about this setup to help you and others understand.

Blackberry server working on port 3101.
Exchange server goes along with Blackberry for activation and mail.
SQL and www are for the database and apps.
We send some jobs to Blackberry handhelds (275). Techs complete them and they are returned.
All this is done using ports 8080 to 8090. Apps must be accessed via the web.
Also looking for a way to have a redundant Exchange 2003 setup.

Thanks all
 
0
 
LVL 3

Expert Comment

by:bugsaif
ID: 17940601
So you say you have 5 servers.

Solution 1: Get 5 public IP addresses from your ISP and assign each IP to a server. Have the firewall NAT (Network Address Translate) them to the internal servers.

Solution 2: Get 2 public IP addresses from your ISP and have your firewall PAT (Port Address Translate) them to the internal server.

NATing - http://en.wikipedia.org/wiki/Network_address_translation
PATing - http://en.wikipedia.org/wiki/Port_address_translation

Getting PIXs, you can set them up for redundancy, and PIXs are the industry standard. I don't know what amount of traffic you will be dealing with, so better consult the Cisco site for device throughputs.

Saif
0
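
Added example, not part of the original answer: a small planner for Solution 2 that assigns each published port to a public IP and reports services that cannot be placed because every public IP already forwards that port. The addresses (203.0.113.x documentation range, 10.0.0.x LAN), the server names and the list of services each server publishes are assumptions made for the illustration.

```python
from collections import namedtuple

Forward = namedtuple("Forward", "public_ip proto port inside_ip server")

# Constructed sample data: 203.0.113.x is a documentation range, 10.0.0.x the private LAN.
# Which services each server publishes inbound is an assumption for this example.
PUBLIC_IPS = ["203.0.113.10", "203.0.113.11"]
APP_PORTS = [("tcp", p) for p in range(8080, 8091)]   # ports 8080 to 8090 from the thread
SERVERS = {
    "web-mail-1": ("10.0.0.11", [("tcp", 25), ("tcp", 80)] + APP_PORTS),
    "web-mail-2": ("10.0.0.12", [("tcp", 25), ("tcp", 80)]),
    "exchange":   ("10.0.0.13", [("tcp", 25)]),
    "bes":        ("10.0.0.14", []),   # assumed: nothing published inbound
    "sql":        ("10.0.0.15", []),   # database stays reachable from the LAN only
}


def plan_pat(servers, public_ips):
    """Assign each published (proto, port) to the first public IP where it is free.

    Returns (forwards, unplaced). One public IP can forward a given proto/port
    to only one inside host, so a service ends up in `unplaced` when every
    public IP already uses that port.
    """
    used = set()                      # (public_ip, proto, port) already forwarded
    forwards, unplaced = [], []
    for name, (inside_ip, services) in servers.items():
        for proto, port in services:
            for pub in public_ips:
                if (pub, proto, port) not in used:
                    used.add((pub, proto, port))
                    forwards.append(Forward(pub, proto, port, inside_ip, name))
                    break
            else:                     # no public IP had this port free
                unplaced.append((name, proto, port))
    return forwards, unplaced


def to_iptables(forwards):
    """Render the plan as iptables DNAT rules for a Linux-based firewall."""
    return [
        f"iptables -t nat -A PREROUTING -d {f.public_ip} -p {f.proto} "
        f"--dport {f.port} -j DNAT --to-destination {f.inside_ip}:{f.port}"
        for f in forwards
    ]


if __name__ == "__main__":
    forwards, unplaced = plan_pat(SERVERS, PUBLIC_IPS)
    print("\n".join(to_iptables(forwards)))
    for name, proto, port in unplaced:
        print(f"# no free public IP for {name} {proto}/{port}")
```

With two public IPs the third SMTP listener cannot be published on port 25, which is the practical limit of PAT compared with one public address per server. Servers with an empty service list get no rule at all and stay unreachable from the Internet.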
 
LVL 4

Assisted Solution

by:LBACIS
LBACIS earned 250 total points
ID: 17946271
I have experience/certifications with the following.

Watchguard
Checkpoint
Pix Accelerators /Concentrators
Sonicwall

And return on investment over the years has been Watchguard.
It comes with 8 ports, so you can also separate your DB from your web farm and create multiple DMZs...
If you need extreme granularity, and I REALLY mean extreme, get a Checkpoint.


0
