* This is the modus mailing list *

Just to note, I never said a Sonicwall 'won't' work, I just wouldn't recommend it, especially without knowing more information about their existing network, predicted growth and plans for increasing capacity to fulfill customer demands. Is their network in a place where a Sonicwall will work now, but maybe will not be robust enough in 6-12 months? Can a Sonicwall handle a significant DoS attack? I had a colo customer this morning get flooded with a 40M DoS attack on their Pix515, and the PIX just performed enough to (barely) keep their content up and running. The PIX to get up and running takes minutes, not hours. And if you use the new PDM software, it is very simple to understand and deploy.

----- Original Message -----
From: "SiftX Support" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 09, 2004 3:10 AM
Subject: [Modus] Firewall and Security

> I disagree with David's assertion the Pro 230 won't work for your scenario but I would suggest a cluster at a minimum and this is whatever solution you select. The Pro 330 as an example is right on par with a 515E except the VPN performance on the 515 crushes the Sonic Walls. I would personally suggest Pro 3060 w/OS upgrade (buy one, add another for cluster). The Sonic Wall is better hardware and the PIX is a proven solution. The Sonic OS 2.x is VERY powerful (granular NAT, load balancing, failover, etc) and from my experience the enhanced Sonic OS 2.x IS much more flexible than the PIX. I can do in minutes on the Sonic Wall what it would take me HOURS to do on the PIX and this goes for debugging as well. No matter what solution you select David is correct about creating a private network or VLAN(s). As for my experience with both products I have been using Sonic Walls for about 6 years and PIX's for about 8 years so I feel I am very familiar with both products and if I have any bias it is from actual use of the product. In all honesty I wouldn't have suggested a Sonic Wall as an ISP level solution until about a year ago when they upgraded to their enhanced 2.0 OS which is absolutely OUTSTANDING! Prior to that it was a fairly limited product but well suited for small to medium size organizations. Good luck in your decision.
>
> Thank you,
>
> SiftX Support
> 866-891-0086
> 808-874-8916 Fax
> www.siftx.com
>
> ----- Original Message -----
> From: "David Bauman" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, February 08, 2004 9:38 PM
> Subject: [Modus] Firewall and Security
>
> > Based upon your description, a good and easy solution would be to set up a hardware based firewall (I'm a fan of the PIX myself, not too familiar with Sonicwall) to protect your databases and other critical servers.
> >
> > Some things to think about:
> >
> > * VLAN your critical components off your public IP network using private IP addresses.
> > * Don't route your private IP addresses across your public routers.
> >
> > Once your devices are safely on the 'inside' of your network, you can either use NAT on the firewall, and set up ACLs to only allow access from the public servers that require access to the private network, or you can set up a second NIC in your servers, and add these interfaces to your inside network. You can also use VPN, but I would not use VPN personally. Going the NIC route should be ok in general, but you want to make sure your servers are not set up to route IP (like a router). Keep in mind, in any of these scenarios, if your public server becomes compromised, your inside network could be vulnerable to attack depending on a few factors.
> >
> > Another option is to put everything behind your firewall, and use NAT with ACLs for your public services. Depending on your bandwidth and throughput requirements, your costs on the firewall could vary. Also keep in mind you will have a weak link if you do not have some sort of dual firewall configuration with failover.
> >
> > Your Rodopi DB server definitely needs to be secured. My feelings on firewalling basic web hosting is a logistical pain in the ass.
> > I would go with a server-facing router and perform your high-touch services at the edge there.
> >
> > Regarding the Sonicwall Pro 230: I really do not think this is a 'service provider' class product. It seems to be mostly suited for content providers with a rack of servers somewhere, or designed for small/medium enterprise networks.
> >
> > I would recommend a more comprehensive assessment of your security needs before just sticking some appliance on your network and sticking everything behind it.
> >
> > David Bauman
> > ANET Internet Solutions
> >
> > ----- Original Message -----
> > From: "Globalnet" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Sunday, February 08, 2004 10:16 AM
> > Subject: [Modus] Firewall and Security
> >
> > > We are looking for some info as in regards to security.
> > >
> > > We have been approached by a security advisor that recommends we place our network behind a hardware firewall such as the Sonicwall Pro 230
> > >
> > > Our concern is how does this affect the network, etc in the sense as one who is an ISP, which all the various servers, network issues, etc, Bandwidth? Just about every aspect?
> > >
> > > Basically here we are in the blind, we want to secure all of our servers, especially our SQL NT machine running Rodopi, mail server running Modusmail, and Web servers, and FTP Servers, and Radius Servers
> > >
> > > Is hardware the best to go or what does one recommend in this issue?
> > >
> > > Any insight here would be appreciated.
> > >
> > > **
> > > To unsubscribe, send an Email to: [EMAIL PROTECTED]
> > > with the word "UNSUBSCRIBE" in the body or subject line.
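
An added example, not part of the original thread: one way to check the two points from David Bauman's message (ACLs that only admit the public servers needing inside access, and no private prefixes carried on public routers). The addresses, ports, rule format and function names are all constructed for illustration and do not describe any poster's network or any vendor's configuration syntax.

```python
import ipaddress

# Constructed sample topology (assumptions, not from the thread).
INSIDE_NET = ipaddress.ip_network("10.10.0.0/24")           # private VLAN for DB/RADIUS
ALLOWED_SOURCES = {ipaddress.ip_address("203.0.113.10"),    # public web server
                   ipaddress.ip_address("203.0.113.11")}    # public mail server

# Constructed firewall ACL: (action, source, destination, destination port).
ACL = [
    ("permit", "203.0.113.10/32", "10.10.0.5/32", 1433),
    ("permit", "203.0.113.11/32", "10.10.0.6/32", 1812),
    ("permit", "203.0.113.0/24",  "10.10.0.5/32", 1433),   # too broad: whole public subnet
    ("permit", "0.0.0.0/0",       "10.10.0.7/32", 21),     # any source reaches inside
    ("deny",   "0.0.0.0/0",       "10.10.0.0/24", None),
]

# Constructed route table of a public-facing router.
PUBLIC_ROUTES = ["203.0.113.0/24", "198.51.100.0/24", "10.10.0.0/24"]


def overly_broad_permits(acl, inside, allowed):
    """Return permit rules into `inside` whose source is not exactly an allowed host."""
    findings = []
    for action, src, dst, port in acl:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        if action != "permit" or not dst_net.overlaps(inside):
            continue
        single_host = src_net.num_addresses == 1
        if not (single_host and src_net.network_address in allowed):
            findings.append((src, dst, port))
    return findings


def private_routes_on_public_router(routes):
    """Return prefixes in RFC 1918 space that the public router carries."""
    rfc1918 = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
    return [r for r in routes
            if any(ipaddress.ip_network(r).subnet_of(p) for p in rfc1918)]


if __name__ == "__main__":
    for finding in overly_broad_permits(ACL, INSIDE_NET, ALLOWED_SOURCES):
        print("broad permit into inside network:", finding)
    for route in private_routes_on_public_router(PUBLIC_ROUTES):
        print("private prefix on public router:", route)
```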
