Webdude,

You really should do yourself a favor and put in a good firewall.

Take a look at the Watchguard X500, which costs about $1500, or you might even want to go to an x700. www.watchguard.com

With a good firewall, you can do stateful packet filtering, proxy services, and intrusion detection. I think for a very large organization w/ a mail server it is really important to have the SMTP proxy running that analyzes e-mail and can block invalid attachments and MIME types. They also have a spam filter that can be installed on the Firewall. The Watchguard products are especially nice because they come with a very nice monitoring and logging console.

A good firewall, Watchguard or Cisco, also comes with VPN capabilities. The Watchguard X series has the ability to set up VPNs using the MS PPTP protocol, so you don't have to load any special VPN software at the client.

Some people will say you should go with a Cisco Pix firewall, but by the time you get all of the pieces, especially the monitoring console, you will spend quite a bit more, and won't gain a whole lot of benefit. There are a lot of good arguments for using Cisco, but you will spend more.

Troy

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, January 28, 2005 6:30 AM
To: [email protected]
Subject: Witango-Talk: Off Topic - Firewall

Hey all,

The company I was with has merged with another and I am in the middle of doing some major network stuff. I need some advice on a good firewall. I have been looking at the ISA server from MS and I am wondering if I need so much of their crap that I would never use.

Anyway, this is what I got going...

DMZ...
50 websites on 2 Win2k servers running Witango - IIS5.
2 DNS servers - Win2k
public Class C IP block
MSSQL 7.0 Server (currently in DMZ but not sure if it needs to be) - Win2k
Email Servers - Win2k

Internal...
20 PCs
20 Macs
2 App Servers
Dhcp Server (I am going to get rid of this)
Accounting Server

I would like to set up a machine with 3 NICs -- Internal, External and DMZ.
Currently I am running just some port blocks on the router to the DMZ. After the DMZ I have a "home built" firewall in Linux (I need to get rid of this - way too cumbersome to administrate).

Looking for something that will support multiple IPs in the DMZ, and the internal. I don't want to have to redo all my DNS and IP structure to get this to work. That would be way too much of a headache.

Any referrals or comments would be appreciated.

Thanks!

________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
