If you are doing VPN via a Windows Server, then you only need port forwarding of the VPN ports to that server. The IPCop box would NOT be doing your VPN for you.
With the wireless you have options. Either set up a Blue zone on your IPCop box, or just treat wireless as part of the local network (the green zone). If you go with the latter option, then you need to make sure the wireless router providing access is as secure as possible - seeing as it would be bypassing your firewall. If you opt to do traffic shaping, I understand this to be less processor intensive than proxying/filtering. But I don't have anything solid to back that up either. It would seem that you may be in a situation where you won't really know if you have enough hardware to do the job, until you put it into service for a bit. My instincts/experience tell me though that given your initial list of requirements, it will not be enough. Of course, changing your requirements would change that assessment... :) Shawn TekBudda wrote: > Shawn wrote: >> If you are going to do filtering, proxying, AND VPN, you should bump the >> specs some. At a bare minimum, double the ram. But I'd probably lean >> towards a P4 type box. >> >> I am currently running my IPCop on a P3, with 256 MB. It is not >> sufficient to do the VPN and the intrusion dectection. I'd hate to see >> how much it suffers if I add proxy and filtering to the mix... > > I appreciate the advice, however, for me to go to a P4 box I would be > looking at purchasing more equipment. I am trying to utilize any old > boxes I have and this one seemed like a good one. The others are all > about the same genre. Now I can up the RAM to 512 but CPU... not so much. > > As far as VPN access goes it is very infrequent and usually one person > at a time...maybe 2. Question is, would I still need the VPN being > handled on IPCop if the sessions are already handled by the WIndows Server? > > With the new 5 wireless connection coming in, the proxying may not be as > necessary, but I was thinking of it for things like updates and because > we support a web app, if we could dish the static elements from the > proxy and save a little pipe...so much the better. I was thinking of > doing some bandwisth shaping as well....maybe that would be a better > plan than the proxying. > > _______________________________________________ > clug-talk mailing list > [email protected] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
