Solved

Firewall and VPN concentrator selection and design

Posted on 2007-04-04
Last Modified: 2012-05-01
Hi Folks,  

I'm looking for some insight into best practices for firewall and VPN concentrator design.  Should the concentrator be placed inside or outside the external firewall?

Does anyone have views on the "best" firewalls to support a ~500-user network, with hot failover, ease of configuration/maintenance, performance, reliability etc.?  IDS/IPS/VPN support not required....

Thanks in advance.
Question by:davystocks
4 Comments
 

Expert Comment

by:GoUdVisKe
ID: 18891597
Check out WatchGuard with the X Peak series; they offer a firewall/VPN appliance with hot failover, which is easy to configure and has a visual interface.

www.watchguard.com

S

Accepted Solution

by:Andrew_Wallbank (earned 250 total points)
ID: 20134819
Ideally each interface should be in its own DMZ, i.e. an External interface with a NAT'd External address and an Internal interface (you can use its real address for Internal communication).

Depending on what VPN appliance you are using, there is a considerable argument to say that the External interface does not have to be behind the firewall, just the Internal interface, so long as the External device is locked down to only accept traffic on the appropriate ports.  Of course, there is also about the same weight of argument for putting this interface behind the firewall; it's all down to your preference.

Expert Comment

by:ryan80
ID: 37742974
I use Cisco ASAs that act as the external firewall and the VPN. 5510s and higher have active failover.

Author Closing Comment

by:davystocks
ID: 37915540
Thanks