----- Original Message -----
From: "istene" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, April 24, 2002 1:28 PM
Subject: Re: Hardware configuration

> Hi,
> I use multiple firewalls because I need to divide offices and directions
> from labs and from classrooms. I prefer using multiple firewalls, so I do
> not have a single point of failure for all clients, and firewall
> configuration would be easier.
>
> This is the configuration I'm planning to use:
>
> I will have 3 subnets:
> LIS1 (4 labs) about 60 clients, will be behind a gibraltar firewall (FW1)
> LIS2 (classrooms and library) about 100 clients, will be behind a
> gibraltar firewall (FW2)
> LIS3 (direction and offices) about 20 clients will be behind gibraltar
> firewall (FW3)
>
> Each firewall will have 3 NICs, one to the cisco routers that provide one
> or more ADSL connections to the Internet, one to the LIS it protects, and
> one to the other firewalls
>
>          cisco1 cisco2
>            |      |
> LIS1----- FW1----FW2----LIS2
>            |
> LIS3---- FW3
>           |
>         cisco3
>
>
> I need NATting because we have only 18 static IPs for more than 100
> clients, so I suppose that RAM amount should be more than 128 Mb for LIS1
> and LIS2.
> I'd like to know opinions on this configuration.
> Best regards, and thanks for your help.
> Gianstefano Monni
>
>
> ----- Original Message -----
> From: "Matthew Palmer" <[EMAIL PROTECTED]>
> To: "istene" <[EMAIL PROTECTED]>
> Cc: <[email protected]>; <[email protected]>
> Sent: Wednesday, April 24, 2002 2:31 AM
> Subject: Re: Hardware configuration
>
>
> > On Tue, 23 Apr 2002, istene wrote:
> >
> > > I need to setup security for a net of 130 clients. I will use Gibraltar
> > > and have, a debian-based distro and I plan to configure 2 or 3
> > > firewalls.
> >
> > Why the multiple firewalls? If you've got multiple links, you're better
> > off channel bonding or something else to tidy it up, otherwise doing
> > routing tables internally is going to be a stone drag.
> >
> > > Does anyone have experience of using linux-based firewalls with so many
> > > clients (I will use NAT and have 13 static IPs)? If yes, how's the
> > > hardware
> >
> > Hardware shouldn't be an issue. Any PCI-based system with decent
> > 100BaseTX cards (avoid anything RTL-8139, the buffers aren't big enough -
> > I like 3Com 3c59x or EE100) should be able to handle full-rate transfers.
> > The bottleneck is going to be in your external connection.
> >
> >
> > --
> > -----------------------------------------------------------------------
> > #include <disclaimer.h>
> > Matthew Palmer
> > [EMAIL PROTECTED]

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

