creating a DMZ -- seeking firewall advice

Eric Jensen eric at emstraffic.com
Tue Mar 8 11:58:21 MST 2005


Ryan Byrd wrote:

>so our small business is becoming a medium-sized business and we are
>planning on switching from a bunch of servers running iptables to a
>more enterprise layout with a couple of hardware firewalls creating a
>DMZ for our webservers.
>
>Any advice? I head that Cisco PIX firewalls are industry standard for
>this type of thing. Anyone have any experience with those? Is there a
>less expensive but equally as robust firewall?
>
>ideas?
>
>mrb
>.===================================.
>| This has been a P.L.U.G. mailing. |
>|      Don't Fear the Penguin.      |
>|  IRC: #utah at irc.freenode.net   |
>`==================================='
>
>  
>
We found ourselves in the same situation and the bosses went with a 
Firebox to go with the rest all of our shiny new rack equipment.  I 
don't know a lot about Firewalls, but if you ask me the big expensive 
ones do way to much garbage just so they can up the price.  Weird stuff 
like making sure people don't spend too much time looking at non-work 
related sites in a day and blocking stuff they want to download, like 
movies.  We didn't buy a Firebox to micromanage our employees and 
destroy morale, just wanted security.  It does have a nice interface 
though.  Haven't checked out the web interface because the application 
one is plenty nice.  I think I would rather hook up a Linux box and do a 
lot of RTFM to get a really nitty gritty firewall up so I know exactly 
what it is doing.  We've had a few surprises with this one and thought, 
"Why the hell is it doing something like that?".  But if you don't have 
to time frame for that, then I can going for Cisco or whatever.

Eric Jensen



More information about the PLUG mailing list