|
Your
likely least expensive solution is to purchase the firewall feature set for the
Cisco IOS in your existing router. Depending on the age and specific model of
your 2620, it may require memory upgrades to run FWFS.
The
FWFS is a decent firewall.
Staying with a Cisco solution, I'd tend to want to purchase a separate
device, a PIX firewall.
We are
all Cisco. Our access-layer routers are Cisco 7200 series routers, behind them
are a number of Cisco layer-3 switches (Catalyst 5000 and 3550 series) and then
we have PIXen, plus some other 2600/3700 series routers.
We use
the FWFS, the PIXen, and access control lists in the distribution layer routers
and layer-3 switches for multiple layers of protection. VLANs are also a key
component of our security model as well as a strong degree of physical
separation from different pieces of our networks (customer, internal,
external, office, DMZ).
This
doesn't even touch the VPN issues, which are another added layer of complexity
in our network.
But
you should be able to retain a decent Cisco partner for a few days, work with
him/her and come up with a plan that provides reasonable levels of security
just with the 2620, FWFS, and VLAN capable switches.
|
- [Modus] Firewalls for ISPs Admin
- [Modus] Firewalls for ISPs Denis Auger
- [Modus] Firewalls for ISPs Ronnie Franklin
- [Modus] Firewalls for ISPs Jon Saunders - SECPA
- [Modus] Firewalls for ISPs Michael B. Smith
- [Modus] Firewalls for ISPs John M. Troher
- [Modus] Firewalls for ISPs Ronnie Franklin
- [Modus] upgrading vopmail to modusmail l... David Payer
- [Modus] upgrading vopmail to modusma... Frank M. Cook
- [Modus] upgrading vopmail to modusma... Peter Wimbourne
- [Modus] upgrading vopmail to modusma... Ernest W. Lessenger
- [Modus] Firewalls for ISPs John M. Troher
