Firewall installation for new servers setup.

I'm looking for the best way to protect a brand new server installation.
I'll have 2 web and email servers (Windows or Linux, I have not yet decided).
One Blackberry BES 4.1 server. One Exchange 2003 server and one SQL 2005 server.
And last but not least, one server that will act as a backup server with Blackberry BES 4.1,
Exchange 2003 and SQL 2005.
All this will be hosted on a fiber 100Mb ISP.

I'd like to know what kind of firewall to use and if the servers will have Internet IPs or private IPs.
Any suggestions about hardware and software will be appreciated.
reseautica Asked:
bugsaif Commented:
If you're looking to save some money (doesn't appear to be the case) and still want a decent firewall, you might want to look into:
Link - http://www.smoothwall.org/ - Linux based firewall

On the other hand, see if you can get your hands on a couple of Cisco PIX 515Es; 525s would be even better but a bit overkill for your requirements.
Link - http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ - The industry standard

And no, the servers don't NEED to have public addresses; they can if you want to give them public addresses. What you'll want to do is set up the servers on an internal LAN with private addresses, then get an appropriately long public subnet from your ISP and have the PIX or whatever firewall you choose NAT it to the servers on the inside.

Configuration guides are available all over the web... just google for them or you can ask for help here...

Saif
Keith Alabaster (Enterprise Architect) Commented:
Protection from what to what?
What traffic will you be allowing inbound?
reseautica (Author) Commented:
Thanks "bugsaif" for the answer.

Can you explain a bit more about your answer "get an appropriately long public subnet from your ISP and then have the PIX or whatever firewall you choose NAT it to the servers on the inside"? Maybe direct me to a good website for details.

Here is more about this setup to help you and others understand.

Blackberry server working on port 3101.
Exchange server goes along with Blackberry for activation and mail.
SQL and www are for the database and apps.
We send some jobs to Blackberry handhelds (275); techs complete them and they are returned.
All this is done using ports 8080 to 8090. Apps must be accessed via web.
Also looking for a way to have a redundant Exchange 2003 setup.

Thanks all
 
bugsaif Commented:
So you say you have 5 servers.

Solution 1: Get 5 public IP addresses from your ISP and assign each IP to a server. Have the firewall NAT (Network Address Translate) them to the internal servers.

Solution 2: Get 2 public IP addresses from your ISP and have your firewall PAT (Port Address Translate) them to the internal servers.

NATing - http://en.wikipedia.org/wiki/Network_address_translation
PATing - http://en.wikipedia.org/wiki/Port_address_translation

If you get PIXs you can set them up for redundancy, and PIXs are the industry standard. I don't know what amount of traffic you will be dealing with, so better consult the Cisco site for device throughputs.

Saif
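
The two solutions above, as an added example that is not part of the original post: a small planner that maps inbound services to public addresses, either one address per server (static NAT) or shared addresses with per-port forwarding (PAT), and renders the result as iptables DNAT rules for a Linux-based firewall. The host names, addresses (RFC 1918 and RFC 5737 ranges) and the port 80/25 services are constructed assumptions; only the 8080 to 8090 range comes from the thread.

```python
from collections import namedtuple

# Constructed inventory: internal host, private address, inbound TCP port range.
# Only the 8080-8090 application range comes from the thread; the rest is assumed.
Service = namedtuple("Service", "host private_ip first_port last_port")
SERVICES = [
    Service("web1", "10.0.0.11", 80, 80),
    Service("web2", "10.0.0.12", 80, 80),
    Service("web1", "10.0.0.11", 25, 25),
    Service("apps", "10.0.0.13", 8080, 8090),
]

def plan_pat(services, public_ips):
    """Pack services onto as few public IPs as possible (PAT).

    A public (ip, port) pair can forward to one internal host only, so a
    service moves to the next public IP when its ports are already taken.
    Raises ValueError when the address pool is too small.
    """
    used = {ip: set() for ip in public_ips}  # public ip -> ports already forwarded
    plan = []
    for svc in services:
        ports = set(range(svc.first_port, svc.last_port + 1))
        for ip in public_ips:
            if not (used[ip] & ports):
                used[ip] |= ports
                plan.append((ip, svc))
                break
        else:
            raise ValueError(f"no free public port for {svc.host}:{svc.first_port}")
    return plan

def plan_static_nat(services, public_ips):
    """One public IP per internal host (one-to-one NAT)."""
    hosts = sorted({s.private_ip for s in services})
    if len(hosts) > len(public_ips):
        raise ValueError("need one public IP per server")
    mapping = dict(zip(hosts, public_ips))
    return [(mapping[s.private_ip], s) for s in services]

def dnat_rules(plan):
    """Render a plan as iptables DNAT rules; ports not listed are not forwarded."""
    rules = []
    for ip, s in plan:
        dport = f"{s.first_port}:{s.last_port}" if s.last_port > s.first_port else str(s.first_port)
        rules.append(f"iptables -t nat -A PREROUTING -d {ip} -p tcp "
                     f"--dport {dport} -j DNAT --to-destination {s.private_ip}")
    return rules
```

With this constructed list, a single public address is not enough for PAT because both web servers want port 80, while two addresses are; static NAT needs three, one per internal host.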
LBACIS Commented:
I have experience/certifications with the following.

Watchguard
Checkpoint
Pix Accelerators /Concentrators
Sonicwall

And return on investment over the years has been Watchguard.
It comes with 8 ports so you can also separate your DB from your web farm and create multiple DMZs...
If you need extreme granularity, and I REALLY mean extreme, get a Checkpoint.


Question has a verified solution.
