Solved

Firewall and VPN concentrator selection and design

Posted on 2007-04-04
4
253 Views
Last Modified: 2012-05-01
Hi Folks,  

I'm looking for some insight into best practices for firewall and VPN concentrator design.  Should the concentrator be placed inside or outside the external firewall?

Does anyone have views on "best" firewalls to support ~500 user network, with hot failover, ease of configuration/maintenance, performance, reliability etc.  IDS/IPS/VPN support not required....

Thanks in advance.
0
Comment
Question by:davystocks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 1

Expert Comment

by:GoUdVisKe
ID: 18891597
Check out watchguard with the X peak series, they offer a firewall / vpn appliance with hot failover, which is easy to configure and has a visual interface.

www.watchguard.com

S
0
 
LVL 2

Accepted Solution

by:
Andrew_Wallbank earned 250 total points
ID: 20134819
Ideally each Interface should be in it's own DMZ.  i.e. External interface with a NAT'd External address and Internal interface (you can use it's real address for Internal communication).

Depending on what VPN applicance you are using there is a considerable argument to say that the External interface does not have to be behind the Firewall, just the Internal Interface, so long as the External device is locked down to ony accept traffic on the appropriate ports.  Of course, there is also about the same weight of argument for putting this Interface behind the Firewall, it's all down to your preference.
0
 
LVL 12

Expert Comment

by:ryan80
ID: 37742974
I use Cisco ASA's that act as the external firewall and the VPN. 5510's and higher have active failover.
0
 
LVL 4

Author Closing Comment

by:davystocks
ID: 37915540
thanks
0

Featured Post

Webinar May 25: Cloud Security Strategies for SMBs

Small and mid-sized businesses are a driving force behind cloud adoption, and it’s no wonder: cloud benefits are BIG.  But for all the convenience that moving to the cloud provides, where does security come into play?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are some basic methods for preventing attacks on, hacking of and unauthorized access to a network -- maybe not completely, but up to a certain level. Start with a well-reputed firewall and unified threat management (UTM) system -- a gateway…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question