internal firewall for Data-center

Posted by yvette.ye on October 1, 2007, 11:38 am
Hello... I am working on a project to allocate some protection to
segregate Data-center A from the rest of the user community, and there
are some requirements:
1) Data-center A does not have a direct internet connection, but it
can access the internet via another data-center, B.
2) Each server in data-center A will be accessed from the user community
with only specific ports/protocols open.
3) Each server in data-center A will be fully open to data-center B.
4) Ideally, the IP address of each server in data-center A will not be
changed after this internal firewall is put in place.
5) The servers are Windows 2003 for file server, printer server,
Exchange server, SQL server, Web server and the regional domain
controller (DC).
6) The main DC and Exchange are located in data-center B.
7) The data-center is split into 2 networks, one for production, the
other for QA.
8) We have no direct control over data-center B.

My question is: what kind of Cisco product can achieve this
request?

Thanks,
fshguo.


Posted by CosmicV on October 1, 2007, 4:35 pm

Why would you confine yourself to Cisco solutions? If you're talking
security, I know that Cisco is by far not the first name you should
look at. Checkpoint or Juniper are FAR better products in my own
opinion. Cisco makes great mid-level routers and switches, but they
are relatively new to the enterprise firewall environment.


Posted by wayne on October 2, 2007, 7:04 am
CosmicV wrote:
> Why would you confine yourself to Cisco solutions? If you're talking
> security, I know that Cisco is by far not the first name you should
> look at. Checkpoint or Juniper are FAR better products in my own
> opinion. Cisco makes great mid-level routers and switches, but they
> are relatively new to the enterprise firewall environment.
>

Mid-level?

Anyway, I'm guessing speed will be a consideration in your decision, I
would look at the Cisco Catalyst 6500 with the Firewall Services Module
(FWSM).

Posted by Burkhard Ott on October 2, 2007, 9:43 am
On Tue, 02 Oct 2007 07:04:19 -0400, wayne wrote:

> Mid-level?
>
> Anyway, I'm guessing speed will be a consideration in your decision, I
> would look at the Cisco Catalyst 6500 with the Firewall Services Module
> (FWSM).

NetScreen and you can sleep better

Posted by CosmicV on November 13, 2007, 9:40 am
> Mid-level?
>
> Anyway, I'm guessing speed will be a consideration in your decision, I
> would look at the Cisco Catalyst 6500 with the Firewall Services Module
> (FWSM).

Yes, mid-level. The Juniper high-end routers kick off on Cisco all day
long. Most of the internet backbone is in fact Juniper. Google swapped
out a good chunk of their Cisco network for Juniper. That said, I
wouldn't use Juniper for a mid-sized enterprise as I think Cisco's gear
is better in that area. I look towards best of breed for a solution
instead of playing fanboy favorites.

