Solved

Firewall and VPN concentrator selection and design

Posted on 2007-04-04
4
250 Views
Last Modified: 2012-05-01
Hi Folks,  

I'm looking for some insight into best practices for firewall and VPN concentrator design.  Should the concentrator be placed inside or outside the external firewall?

Does anyone have views on "best" firewalls to support ~500 user network, with hot failover, ease of configuration/maintenance, performance, reliability etc.  IDS/IPS/VPN support not required....

Thanks in advance.
0
Comment
Question by:davystocks
4 Comments
 
LVL 1

Expert Comment

by:GoUdVisKe
ID: 18891597
Check out watchguard with the X peak series, they offer a firewall / vpn appliance with hot failover, which is easy to configure and has a visual interface.

www.watchguard.com

S
0
 
LVL 2

Accepted Solution

by:
Andrew_Wallbank earned 250 total points
ID: 20134819
Ideally each Interface should be in it's own DMZ.  i.e. External interface with a NAT'd External address and Internal interface (you can use it's real address for Internal communication).

Depending on what VPN applicance you are using there is a considerable argument to say that the External interface does not have to be behind the Firewall, just the Internal Interface, so long as the External device is locked down to ony accept traffic on the appropriate ports.  Of course, there is also about the same weight of argument for putting this Interface behind the Firewall, it's all down to your preference.
0
 
LVL 12

Expert Comment

by:ryan80
ID: 37742974
I use Cisco ASA's that act as the external firewall and the VPN. 5510's and higher have active failover.
0
 
LVL 4

Author Closing Comment

by:davystocks
ID: 37915540
thanks
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
CCTV Security Cameras 4 113
Looking for recommendations for a suitable RADIUS server 10 86
Do I need additional protection from ransomware? 13 145
PCI compliance 16 33
Read about achieving the basic levels of HRIS security in the workplace.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question