

What is the best Firewall Protection

By thomas.white

I have an NT server running Proxy 2.0 and Exchange 5.5, with all the latest SPs. What type of firewall protection should I have for my internal network so that hackers and sneakers can't gain access through my T1 internet connection? The T1 comes through the NT on a multi-homed system. Do I need a firewall appliance or actual software on the server? What would you guys recommend?
Server is a little taxed but I can upgrade it to dual Pentium III 500 with up to 1Gb RAM. 125 users on the internal network.


by lemaym2 In reply to What is the best Firewall ...

You could try the following. I had an eval installed on my system and it appeared to be working pretty well. Keep in mind, though, that once installed it may stop some of your apps from functioning unless they are defined as being permitted to use ports you specify.


My recommendation...

by eBob In reply to What is the best Firewall ...

Get a firewall appliance, or dedicated firewall system.

Offload the dedicated firewall activities to a separate box. Your T1 comes into a router, then to your Brand Spanking New Firewall then to your Proxy then to your LAN(s). Use your Proxy to manage outbound connections, and to cache user requests.

Firewalls that work (no particular order):
1 - Cisco PIX
2 - Checkpoint Firewall-1, preferably on a Solaris box. Alternatively on a well-secured (other) Unix or Linux box. Least preference is to use any form of Windoze as the O/S on your firewall.
3 - Nokia Appliance that is running Checkpoint FW-1
4 - other "brand name" firewall solutions running on FULLY SECURED unix/linux/solaris


Hardware is much better than software.

by admin In reply to What is the best Firewall ...

e-Bob again gave great advice on this. Definitely use hardware if you can :)


Firewall Recommendation

by mchollow In reply to Hardware is much better t ...

eBob was right on the mark. I've had to secure a corporate network using not one but 2 PIX boxes. They are pretty slick but you MUST understand the IOS software. Also, I'd make sure your router is air tight. Get an expert (I use the term loosely) to review the router security if you are unsure. Make sure there is NO telnet, SNMP or TFTP access via the outside interface of the router. If it's a Cisco, you're good as long as the latest IOS is applied. If you have web servers that the public accesses you can add a 3rd interface to the PIX and set up a secure DMZ so no inbound Internet traffic makes its way onto your local network. You can then isolate the public stuff by further nailing down the PIX at the DMZ. Block all inbound access to the internal (except from DMZ devices) interface and you are golden. It's still not 100% safe, but it's about as air tight as you can get.
Do lots of research on security. Understand what firewalls can and cannot do. Cisco and others have great documents on their web sites. Find a consultant that specializes in this technology and take every piece of advice - including this - with a grain of salt. Hope this helps.
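
The layout described in the post above (no telnet, SNMP or TFTP on the router's outside interface, and no Internet traffic reaching the internal network directly) can be checked mechanically against a rule set. This Python sketch is an added example, not part of the thread; the rule format, the zone names (`outside`, `dmz`, `inside`, `router`) and both sample rule sets are constructed, and only TCP and UDP are modelled.

```python
# Added example: rule format, zone names and rule sets are constructed.
from collections import namedtuple

Rule = namedtuple("Rule", "action src dst proto port")  # port None = any port

# Services the post says must not be reachable on the router's outside interface.
ROUTER_MGMT = [("tcp", 23), ("udp", 161), ("udp", 69)]  # telnet, SNMP, TFTP
OTHER = -1  # stands for every port that no rule names explicitly

def decide(rules, src, dst, proto, port):
    """First matching rule wins; unmatched traffic is denied."""
    for r in rules:
        if (r.src in (src, "any") and r.dst in (dst, "any")
                and r.proto in (proto, "any") and r.port in (port, None)):
            return r.action
    return "deny"

def audit(rules):
    """List every way the rule set breaks the layout described in the thread."""
    findings = []
    for proto, port in ROUTER_MGMT:
        if decide(rules, "outside", "router", proto, port) == "permit":
            findings.append(f"router management {proto}/{port} open to outside")
    # Probing each named port plus OTHER covers all ports: rules match only
    # an exact port or any port, so unnamed ports all behave like OTHER.
    ports = sorted({r.port for r in rules if r.port is not None} | {OTHER})
    for proto in ("tcp", "udp"):
        for port in ports:
            if decide(rules, "outside", "inside", proto, port) == "permit":
                label = "unlisted ports" if port == OTHER else str(port)
                findings.append(f"outside reaches inside on {proto}/{label}")
    return findings

WEAK = [  # constructed: mail goes straight to the internal server, telnet open
    Rule("permit", "outside", "dmz", "tcp", 80),
    Rule("permit", "outside", "inside", "tcp", 25),
    Rule("permit", "any", "router", "tcp", 23),
    Rule("deny", "any", "any", "any", None),
]
FIXED = [  # constructed: public services sit in the DMZ, which relays inward
    Rule("permit", "outside", "dmz", "tcp", 80),
    Rule("permit", "outside", "dmz", "tcp", 25),
    Rule("permit", "dmz", "inside", "tcp", 25),
    Rule("deny", "any", "any", "any", None),
]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, audit(rules) or "no violations")
```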

by thomas.white In reply to What is the best Firewall ...

Thanks for all the help.
