* This is the modus mailing list * I always thought a Class C was 256 addresses, 254 usable.
My subnet calculator must be broke. John -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of SiftX Support Sent: Monday, February 09, 2004 1:35 PM To: [EMAIL PROTECTED] Subject: [Modus] Firewall and Security * This is the modus mailing list * I think you may be a bit misinformed. For one a C class network is 65000 hosts, and two if you would like to log into one of your sonic walls you can go under network>lan settiings (which is the second tab) and choose to add a subnet. I have one box with 12 subnets and I have never exceeded 12 subnets and I don't know what the limit actually is, I believe 255. Do you really think it logical that a sonic wall capable of unlimited users and some being 300,000 connections would be limited to 256? Might want to review your knowledge of Sonic Walls. I can see why you wouldn't feel this to be a solution given your understanding of the product. Thank you, SiftX Support 866-891-0086 808-874-8916 Fax www.siftx.com ----- Original Message ----- From: "OKC Broadband Support" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, February 09, 2004 5:06 AM Subject: [Modus] Firewall and Security > * This is the modus mailing list * > > We have used Sonicwall products before and even some with the new 2.x OS as > well. The only drawback I see with the Sonicwall product line is the > inability to protect more than one Class C per device. I think what the > previous post was saying about "not for ISP's" may have been geared around > this fact. For example, if you operate a fiber connection with 45 meg of > bandwidth, yes the Sonicwall would be able to handle the packet inspection > at that speed but what if you have 2560 IP's? This may no longer be a > problem....but the product used to only be able to handle 256 at a time. I > always loved the functionality and reliability of the Sonicwall product > line, but we could never feasibly get around that limitation in our > environment. For FYI when we sell a firewall to a customer it is a > Sonicwall!!! > > I would be interested to see if anyone else has any experience with this > specific issue. > > Ken Grimes > > > > ----- Original Message ----- > From: "SiftX Support" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, February 09, 2004 3:10 AM > Subject: [Modus] Firewall and Security > > > > * This is the modus mailing list * > > > > I disagree with David's assertion the Pro 230 won't work for you scenario > > but I would suggest a cluster at a minimum and this is whatever solution > you > > select. The Pro 330 as an example is right on par with a 515E except the > > VPN perfomance on the 515 crushes the sonic walls. I would personally > > suggest Pro 3060 w/OS upgrade (buy one, add another for cluster). The > Sonic > > Wall is better hardware and the PIX is a proven solution. The Sonic OS > 2.x > > is VERY powerful (granular nat, load balancing, failover, etc) and from my > > experience the enhanced sonic os 2.x IS much more flexible than the PIX. > I > > can do in minutes on the Sonic Wall what is would take me HOURS to do on > the > > PIX and this goes for debugging as well. No matter what solution you > select > > David is correct about creating a private network or vlan(s). As for my > > experience with both products I have been using Sonic Walls for about 6 > > years and PIX's for about 8 years so I feel I am very familiar with both > > products and if I have any bias it is from actual use of the product. In > > all honesty I wouldn't have suggested a Sonic Wall as an ISP level > solution > > until about a year ago when they upgraded to their enhanced 2.0 OS which > is > > absolutey OUTSTANDING! Prior to that is a fairly limited product but well > > suited for small to medium size orgnaizations. Good luck in your decision. > > > > > > Thank you, > > > > SiftX Support > > 866-891-0086 > > 808-874-8916 Fax > > www.siftx.com > > > > ----- Original Message ----- > > From: "David Bauman" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Sunday, February 08, 2004 9:38 PM > > Subject: [Modus] Firewall and Security > > > > > > > * This is the modus mailing list * > > > > > > Based upon your description, a good and easy solution would be to setup > a > > > hardware based firewall (I'm a fan of the PIX myself, not too familiar > > with > > > Sonicwall) to protect your databases and other critical servers. > > > > > > Some things to think about: > > > > > > * VLAN your critical components off your public IP network using private > > IP > > > addresses. > > > * Don't route your private IP addresses across your public routers. > > > > > > Once your devices are safely on the 'inside' of your network, you can > > either > > > use NAT on the firewall, and setup ACLs to only allow access from the > > public > > > servers that require access to the private network, or you can setup a > > > second NIC in your servers, and add these interfaces to your inside > > network. > > > You can also use VPN, but I would not use VPN personally. Going the NIC > > > route should be ok in general, but you want to make sure your servers > are > > > not setup to route IP (like a router). Keep in mind, in any of these > > > scenarios, if your public server becomes compromised, your inside > network > > > could be vulnerable to attack depending on a few factors. > > > > > > Another option is to put everything behind your firewall, and use NAT > with > > > ACLs for your public services. Depending on your bandwidth and > throughput > > > requirements, your costs on the firewall could vary. Also keep in mind > > you > > > will have a weak link if you do not have some sort of dual firewall > > > configuration with failover. > > > > > > Your Rodopi DB server definitely needs to be secured. My feelings on > > > firewalling basic web hosting is a logistical pain the ass. I would go > > with > > > a server-facing router and perform your high-touch services at the edge > > > there. > > > > > > Regarding the Sonicwall Pro 230: I really do not think this is a > 'service > > > provider' class product. It seems to be mostly suited for content > > providers > > > with a rack of servers somewhere, or designed for small/medium > enterprise > > > networks. > > > > > > I would recommend a more comprehensive assessment of your security needs > > > before just sticking some appliance on your network and sticking > > everything > > > behind it. > > > > > > David Bauman > > > ANET Internet Solutions > > > > > > ----- Original Message ----- > > > From: "Globalnet" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Sunday, February 08, 2004 10:16 AM > > > Subject: [Modus] Firewall and Security > > > > > > > > > > * This is the modus mailing list * > > > > > > > > We are looking for some info as in regards to security. > > > > > > > > We have been approached by a security advisor that recommends we place > > our > > > > network behind a hardware firewall such as the Sonicwall Pro 230 > > > > > > > > > > > > Our concerns is how does this effect the network, etc in the since as > > one > > > > whom is a ISP, which all the various servers, network issues, etc, > > > > Bandwidth? Just about every aspect? > > > > > > > > Basically here we are in the blind, we want to secure all of our > > servers, > > > > Especially our sql nt machine running rodopi, mail server, running > > > > Modusmail, and Web servers, and FTP Servers, and Radius Servers > > > > > > > > Is hardware the best to go or what does one recommend in this issue? > > > > > > > > Any insight here would be appreciated. > > > > > > > > > > > > ** > > > > To unsubscribe, send an Email to: [EMAIL PROTECTED] > > > > with the word "UNSUBSCRIBE" in the body or subject line. > > > > > > > > > ** > > > To unsubscribe, send an Email to: [EMAIL PROTECTED] > > > with the word "UNSUBSCRIBE" in the body or subject line. > > > > > > ** > > To unsubscribe, send an Email to: [EMAIL PROTECTED] > > with the word "UNSUBSCRIBE" in the body or subject line. > > > ** > To unsubscribe, send an Email to: [EMAIL PROTECTED] > with the word "UNSUBSCRIBE" in the body or subject line. ** To unsubscribe, send an Email to: [EMAIL PROTECTED] with the word "UNSUBSCRIBE" in the body or subject line. ** To unsubscribe, send an Email to: [EMAIL PROTECTED] with the word "UNSUBSCRIBE" in the body or subject line.
