Cisco Firewalls for colocation

Wed, 02 May 2001 02:56:45 -0700 

Hi -

Thankyou everyone for your help so far, it has been most useful... I have
made changes to my request for help as people specified - if you could all
help me out again that would be really great, thanks.

...

The company I work for want to host clients sites - soon we will be hosting
a number of client sites by co locating FreeBSD servers at an ISP in the UK.

At the moment we are considering using hardware based firewalls rather than
software ones (such as using IPFW).

For the moment one client will have 2 BSD servers which will be connected to
each other over 100Mbit ethernet. To protect their area of the network a
firewall will stand between them and our more general servers. Finally all
those servers will be protected by another firewall (in the future clients
will have their own little firewalled off areas of our network). See the
diagram below.


            ISP Network
                 |
               Firewall 1 (the network is 100Mbit ethernet)
                 |
               Switch------------- Our DNS servers
                 |               |
               Firewall 2        \--- Our Mail servers / etc...
                 |
               Switch--Client DB Server
                 |
                 |
               Client
               Web
               Server


Firewall 1 will probably need to process about 1-2 Mbp/s of traffic, and
Firewall 2 about 0.5-1Mbp/s of traffic. Both will be using fairly simple
rules (i.e. we just want to block non HTTP ports incoming on Firewall 2, and
Firewall 1 will have similar rules). Each server on the inside will have
real internet routable IP addresses.

I'm reasonably new to firewalling, but I expect I need a packet filtering
firewall?

Cisco seems to be a highly recommended firewall vendor - and I think for
various reasons (mostly political) using Cisco gear would be a good move.

Which Cisco boxes should I be looking at? Are there any comparisons
anywhere?

Is there a Cisco kit intro / FAQ that would be useful to someone wanting to
learn about their products? I looked on their site - but its 'very link
heavy'. I have some experience of networks and firewalls, but not loads (I'm
a University CS Honours Degree graduate).

Thankyou helpful people!
-Rob

--------------------------------
http://www.robhulme.com
http://www.christianunion.org.uk

"...and scantily clad females, of course. Who cares if it's below zero
outside." -- Linus Torvalds

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to