I should clarify this... The firewall itself does not need a T1 interface at
all.  The firewall would connect to my outside router which has the T1
interface.  Guess I didn't specify this accurately.  Right now I'm leaning
towards the PIX 515E with 4 interfaces but I'm still hunting around.


-----Original Message-----
From: Paul Robertson [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, April 16, 2002 4:47 PM
To: Rink, Jesse
Cc: '[EMAIL PROTECTED]'
Subject: Re: Replacing my old PIX Classic

On Tue, 16 Apr 2002, Rink, Jesse wrote:

> My environment is as follows:
> 1 WAN interface (connected to a T1 line to our ISP)
> 2 DMZ interfaces
> 1 Internal interface
>
> We could have up to 700 concurrent users going outbound through the
> firewall at a given time.
>
> I was thinking about looking at newer PIXs, Microsoft ISA, and Checkpoint
> Firewall. Of course, I'm not sure where to begin. Any recommendations?

If you need a T1 interface on the firewall itself, I'd seriously look at
something that's likely to interoperate well.  If you need a v.35
interface to a CSU/DSU, things get more limited.  If you can put a
router there, then your options open up significantly.

There are *lots* more firewalls than the ones you name:

http://www.icsalabs.com/html/communities/firewalls/buyers_guide2001/index.shtml

Has some selection information

http://www.icsalabs.com/html/communities/firewalls/certification/rxvendors/index.shtml

Has a list of ICSA Certified products[1]

Your choice should be driven by your security policy, anticipated growth
and how cool the vendor's t-shirts are[2].  You've got your requirements,
and probably an idea for a budget- what you expect to have the firewall do
for the next 3 years, and how much it needs to grow should probably be the
next things you think about, along with the policy you want to enforce.

These days, most products do the mainstream stuff about as well as each
other, so if you just need mainstream stuff, any choice should work.

Support is my biggest worry- see if you can get referrals for support, and
check to see if many people are complaining about support (Google is your
friend.)

> PS - Where is the best site to read the current msgs to this mailing list?
> I don't like them sent to my email, I'd rather read them from a URL that is
> updated as messages are posted.  I'm new here... :-)

Mailman keeps archives, should be on the GNAC site.  That's much too wimpy
a way to read this list though- almost as bad as digest mode (Hi Brian!)
;)


Paul
[1]  Not all firewalls participate in ICSA Labs' firewall program, some of
them are good, some aren't[1a].
[1a] TruSecure both owns ICSA Labs and pays my salary, therefore I'm
biased.
[2] The t-shirt metric may not be applicable in all cases, the tech bust
has hurt my wardrobe.
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
