Firewall recommendations

Forum Moderators: phranque

Message Too Old, No Replies

Firewall recommendations

How to protect your webserver

dotme

3:17 pm on Feb 11, 2005 (gmt 0)

I need help in securing 4 windows servers on three seperate ISP links. They all host sites, DNS, email etc.

Despite keeping all patched and up to date, at least once every 2-3 months one of them gets compromised.

If replying with specific recommendations is against the TOS, I'd appreciate it if people could sticky me with suggestions.

I need one firewall for each of the three ISP links. The device must support multiple public IP addresses mapped to multiple private IP addresses in a one-to-one capacity, with port filtering/blocking capabilities on each mapped address.

Price is also a concern - not mine, but my employer's.

Suggestions please?

kalos

5:09 pm on Feb 11, 2005 (gmt 0)

I've seen CheckPoint used with a great deal of success (given that the server is secured properly) on the Win* platform. Iptables on a BSD box is the ultimate, but takes experience in setting up as there are few cute little wizards to walk people through it.

Ultraseeker

12:50 am on Feb 14, 2005 (gmt 0)

I have my ISP manage my Netscreen box. It lets me VPN into the server and do everything I need to manage it. See if your ISP has a similar firewall solution they can manage for you. I recommend the product - been using it for over three years without any problems.

Corey Bryant

2:01 pm on Feb 14, 2005 (gmt 0)

We use Sygate and have been very pleased with it

-Corey

mrowton

2:06 pm on Feb 15, 2005 (gmt 0)

Who is going to administer the firewall, your company? If so, does anyone have experience with firewalls.

I ask because the ease of use versus functionality should be a major consideration.

Some of the larger players like Netscreen and Checkpoint are relatively easy to set up, while unix flavors and Cisco PIX take a little more initial work.

I've evaluated and used a lot of vendors in my previous life and it seemed that most larger vendors are quite adequate. Its more a matter of what your comfortable with.