Firewall/Website Publishing Advice?

Posted by Paul Hutchings on April 21, 2005, 6:12 pm
Currently we have a setup like this:

LAN (private IP range)
|
ISA (private IP on internal NIC public on external)
|
DMZ (public IP range)
|
PIX (public IP on internal NIC and public IP on external NIC)

At the moment as well as having a web server in our DMZ we use ISA's
server publishing feature to allow access to various websites located on
the LAN.

The external NIC on the ISA has several public IP addresses bound to it
and we have 1:1 rules that translate "Public w.x.y.z - LAN w.x.y.z -
port 80/443".

At the moment the ISA controls outbound access at protocol level by both
domain account and IP address.

I'm looking at putting in some sort of appliance such as a Blue Coat to
control outbound http/https/ftp access, which leaves me needing a cheap
but reliable and easy to administer firewall that will do what the ISA
currently does at a protocol level so I can define outbound access by IP
address (assuming the Blue Coat will handle 99% of "by user" requests).

The ISA machine is due to be replaced in a couple of months and if we do
invest in a Blue Coat I'm not sure I can justify the cost of a server of
sufficient spec to run ISA, the cost/maintenance of Windows 2003 plus
the cost/maintenance of the ISA Server itself when we would probably only
be using the bare minimum features.

Whenever I've looked at this sort of thing I've always been quite taken
by m0n0wall as it seems an ideal example of a bare bones firewall that
will run on "that old box in the corner" but it's the server publishing
stuff that's throwing a spanner in the works as most things I know of
seem to do port based publishing rather than 1:1 publishing with
multiple public IPs to multiple private IPs.

Hope that makes some sense!

--
paul <at> spamcop <dot> net


Posted by scwish on April 21, 2005, 6:24 pm
> Whenever I've looked at this sort of thing I've always been quite taken by m0n0wall

Have you looked at ipcop.org yet? It has worked well for us and will
allow for 1:1 publishing using virtual eth interfaces. It has snort
ids and mrtg built in as well.
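The port-restricted 1:1 publishing Paul describes (one public address per LAN web server, with only 80/443 translated) and the virtual-interface approach scwish mentions, shown together as an added example: a POSIX shell script that emits the `ip` and `iptables` commands for each public-to-private pair. This is not code from the thread, from m0n0wall or from IPCop. The interface names eth0/eth1, the port list, the multiport and conntrack match modules, a default DROP policy on FORWARD, and the 198.51.100.x / 192.168.1.x addresses are all assumptions made for the example. It prints the commands rather than applying them, so the rule set can be reviewed before it touches a live firewall.

```shell
#!/bin/sh
# Added example (not from the thread): generate port-restricted 1:1
# publishing rules, one public IP per LAN host, limited to the web ports.
# Dry-run by design: it prints commands; apply them with "sh" as root
# only after reviewing the output.
#
# Assumptions: WAN on eth0, LAN on eth1, FORWARD policy already DROP,
# iptables with the multiport and conntrack match modules available.

WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
PUBLISH_PORTS="${PUBLISH_PORTS:-80,443}"

# Constructed mapping table: "public_ip private_ip", one pair per line.
# 198.51.100.0/24 is a documentation range; it stands in for real addresses.
MAPPINGS='198.51.100.10 192.168.1.10
198.51.100.11 192.168.1.11'

# is_ipv4: dotted-quad sanity check so a typo never becomes a NAT rule.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# rules_for_pair PUBLIC PRIVATE: emit the commands for one 1:1 mapping.
rules_for_pair() {
    pub="$1"; priv="$2"
    is_ipv4 "$pub" && is_ipv4 "$priv" || { echo "bad mapping: $pub $priv" >&2; return 1; }
    # Bind the public address to the external NIC (the "virtual eth" idea).
    echo "ip addr add $pub/32 dev $WAN_IF"
    # Translate inbound connections for the published ports only.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -p tcp -m multiport --dports $PUBLISH_PORTS -j DNAT --to-destination $priv"
    # Let the translated traffic through, and nothing else: new connections
    # must hit a published port; any other port on $priv stays unreachable.
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $priv -p tcp -m multiport --dports $PUBLISH_PORTS -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $priv -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    # Replies and outbound traffic from the published host use its public address.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
}

# generate_rules: walk the mapping table; a malformed line aborts the run
# so a half-built rule set is never produced.
generate_rules() {
    printf '%s\n' "$MAPPINGS" | while read -r pub priv; do
        [ -n "$pub" ] || continue
        rules_for_pair "$pub" "$priv" || exit 1
    done
}

# count_rules: number of command lines generated (five per mapping).
count_rules() {
    generate_rules | wc -l | tr -d ' '
}

if [ "${1:-}" = "--dry-run" ]; then
    generate_rules
fi
```

Run it as `sh publish.sh --dry-run` to see the commands; the FORWARD rules are the part that keeps a 1:1 mapping from exposing every port on the LAN host, which is the same restriction the ISA "port 80/443" rules express. The `MAPPINGS` variable can be replaced by a file read if the list grows.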
