* This is the modus mailing list *
The only one thing about sonicwalls that can be a sticking point last time I
checked is they will not route multicast traffic over VPN if you wanted or
needed it. In the case of VOIP and conference calls, sometimes routing
multicast packets across the VPN tunnel is required. Other than that the
sonicwalls are nice equipment and pleasant to manage.

Quoting SiftX Support <[EMAIL PROTECTED]>:

> I understand your reservation about the sonic walls but as I said I have a
> great deal of experience with both products and given the situation I feel
> the sw. As for you setting up a PIX in minutes sure you can but it would be
> a very basic configuration. Again, from my experience it takes considerably
> longer for me to perform start to finish scenarios on the PIX in comparison.
> You could use cisco config maker as well but that isn't going to give you
> much of a config. I personally feel the PIX is old tech although very
> capable old tech. The new sonic walls are much more innovative and more with
> the enhanced os I believe to be MORE configurable. Again, I wouldn't have
> said this more than a year ago. As for handling a DoS attack I would say it
> would handle it better but this would be model specific (3060/4060 for sure
> better). The 515's are low mhz's celerons and the 535 is a 1ghz p3. The
> proc spec really does matter when considering how well it would handle an
> attack albeit the OS does matter but we are assuming this in this case as
> they perform similarly. The PIX on updated hardware may very well outperform
> the SW on similar hardware. Plain and simple these are new systems with a
> reworked OS so it's really hard to compare. If you resell them get an NFR
> they are very inexpensive and you can see for yourself. I am basing my
> decision on the flexibility of the unit and I feel the unit will scale very
> well. The performance margin between comparable models just isn't
> convincing even on paper. You could go either way and you wouldn't be
> making a bad decision. If you like PIX buy PIX, and the same for Sonic
> Walls.
>
> Thank you,
>
> SiftX Support
> 866-891-0086
> 808-874-8916 Fax
> www.siftx.com
>
> ----- Original Message -----
> From: "David Bauman" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, February 09, 2004 9:10 AM
> Subject: [Modus] Firewall and Security
>
> > Just to note, I never said a sonicwall 'wont' work, I just wouldn't
> > recommend it, especially without knowing more information about their
> > existing network, predicted growth and plans for increasing capacity to
> > fulfill customer demands. Is their network in a place where a Sonicwall
> > will work now, but maybe will not be robust enough in 6-12 months? Can a
> > Sonicwall handle a significant DoS attack? I had a colo customer this
> > morning get flooded with a 40M DoS attack on their Pix515, and the PIX
> > just performed enough to (barely) keep their content up and running. The
> > PIX to get up and running takes minutes, not hours. And if you use the
> > new PDM software, it is very simple to understand and deploy.
> >
> > ----- Original Message -----
> > From: "SiftX Support" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, February 09, 2004 3:10 AM
> > Subject: [Modus] Firewall and Security
> >
> > > I disagree with David's assertion the Pro 230 won't work for your
> > > scenario but I would suggest a cluster at a minimum and this is
> > > whatever solution you select. The Pro 330 as an example is right on
> > > par with a 515E except the VPN performance on the 515 crushes the
> > > sonic walls. I would personally suggest Pro 3060 w/OS upgrade (buy
> > > one, add another for cluster). The Sonic Wall is better hardware and
> > > the PIX is a proven solution. The Sonic OS 2.x is VERY powerful
> > > (granular nat, load balancing, failover, etc) and from my experience
> > > the enhanced sonic os 2.x IS much more flexible than the PIX. I can do
> > > in minutes on the Sonic Wall what it would take me HOURS to do on the
> > > PIX and this goes for debugging as well. No matter what solution you
> > > select David is correct about creating a private network or vlan(s).
> > > As for my experience with both products I have been using Sonic Walls
> > > for about 6 years and PIX's for about 8 years so I feel I am very
> > > familiar with both products and if I have any bias it is from actual
> > > use of the product. In all honesty I wouldn't have suggested a Sonic
> > > Wall as an ISP level solution until about a year ago when they
> > > upgraded to their enhanced 2.0 OS which is absolutely OUTSTANDING!
> > > Prior to that it is a fairly limited product but well suited for small
> > > to medium size organizations. Good luck in your decision.
> > >
> > > Thank you,
> > >
> > > SiftX Support
> > > 866-891-0086
> > > 808-874-8916 Fax
> > > www.siftx.com
> > >
> > > ----- Original Message -----
> > > From: "David Bauman" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Sunday, February 08, 2004 9:38 PM
> > > Subject: [Modus] Firewall and Security
> > >
> > > > Based upon your description, a good and easy solution would be to
> > > > set up a hardware based firewall (I'm a fan of the PIX myself, not
> > > > too familiar with Sonicwall) to protect your databases and other
> > > > critical servers.
> > > >
> > > > Some things to think about:
> > > >
> > > > * VLAN your critical components off your public IP network using
> > > >   private IP addresses.
> > > > * Don't route your private IP addresses across your public routers.
> > > >
> > > > Once your devices are safely on the 'inside' of your network, you
> > > > can either use NAT on the firewall, and set up ACLs to only allow
> > > > access from the public servers that require access to the private
> > > > network, or you can set up a second NIC in your servers, and add
> > > > these interfaces to your inside network. You can also use VPN, but I
> > > > would not use VPN personally. Going the NIC route should be ok in
> > > > general, but you want to make sure your servers are not set up to
> > > > route IP (like a router). Keep in mind, in any of these scenarios,
> > > > if your public server becomes compromised, your inside network could
> > > > be vulnerable to attack depending on a few factors.
> > > >
> > > > Another option is to put everything behind your firewall, and use
> > > > NAT with ACLs for your public services. Depending on your bandwidth
> > > > and throughput requirements, your costs on the firewall could vary.
> > > > Also keep in mind you will have a weak link if you do not have some
> > > > sort of dual firewall configuration with failover.
> > > >
> > > > Your Rodopi DB server definitely needs to be secured. My feelings on
> > > > firewalling basic web hosting is a logistical pain in the ass. I
> > > > would go with a server-facing router and perform your high-touch
> > > > services at the edge there.
> > > >
> > > > Regarding the Sonicwall Pro 230: I really do not think this is a
> > > > 'service provider' class product. It seems to be mostly suited for
> > > > content providers with a rack of servers somewhere, or designed for
> > > > small/medium enterprise networks.
> > > >
> > > > I would recommend a more comprehensive assessment of your security
> > > > needs before just sticking some appliance on your network and
> > > > sticking everything behind it.
> > > >
> > > > David Bauman
> > > > ANET Internet Solutions
> > > >
> > > > ----- Original Message -----
> > > > From: "Globalnet" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Sunday, February 08, 2004 10:16 AM
> > > > Subject: [Modus] Firewall and Security
> > > >
> > > > > We are looking for some info as in regards to security.
> > > > >
> > > > > We have been approached by a security advisor that recommends we
> > > > > place our network behind a hardware firewall such as the Sonicwall
> > > > > Pro 230
> > > > >
> > > > > Our concern is how does this affect the network, etc in the sense
> > > > > as one who is an ISP, which all the various servers, network
> > > > > issues, etc, Bandwidth? Just about every aspect?
> > > > >
> > > > > Basically here we are in the blind, we want to secure all of our
> > > > > servers, Especially our sql nt machine running rodopi, mail
> > > > > server, running Modusmail, and Web servers, and FTP Servers, and
> > > > > Radius Servers
> > > > >
> > > > > Is hardware the best to go or what does one recommend in this
> > > > > issue?
> > > > >
> > > > > Any insight here would be appreciated.

**
To unsubscribe, send an Email to: [EMAIL PROTECTED]
with the word "UNSUBSCRIBE" in the body or subject line.
