[ale] OT: Firewall purchase

David Hamm ale at spinnerdog.com
Wed Jul 7 21:53:17 EDT 2004


Jonathan,

I'm certainly interested in a PIX if it does OSPF and costs around $500.

> Number of clients? 
The network isn't that big, only about 100 users total.

> Do you need a DMZ port?
I don't use DMZ ports; I'd prefer using ACLs in the internet router or an
additional firewall to produce a DMZ.
 
> Number of remote VPN sessions?
Fifty VPN sessions would be plenty.  But I'd like to use IPSEC for both 
workstation to network and network to network VPNs.

> How much total throughput do you need?
Currently the company has a single T1 so any firewall will handle it.

> 3DES or DES?
I always pick 3DES but I can't really say it is necessary.  Most of the
sessions will be ICA anyway.  So it's not quite as crackable as telnet or
some of the others.

Could I get some sorta rack mount kit to go with it??

On Wednesday 07 July 2004 11:40 am, Jonathan Rickman wrote:
> > -----Original Message-----
> > From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On
> > Behalf Of David Hamm
> > Sent: Tuesday, July 06, 2004 7:32 PM
> > To: Atlanta Linux Enthusiasts
> > Subject: Re: [ale] OT: Firewall purchase
> >
> > Sure, the network behind the firewall is Frame-Relay, all
> > the remotes come back through the firewall for internet
> > access.  I chose ospf since there were version conflicts with
> > RIP.  Now that OSPF is up and running I've found I like it.
> > It's faster and more flexible.
>
> Do you need a DMZ port?
> How much total throughput do you need?
> 3DES or DES?
> VPN Throughput?
>
> Number of remote VPN sessions?
>
> A Cisco PIX will take care of your needs handily and you'd be surprised at
> how robust the entry level units are. A lot of folks shy away from the PIX
> because of perceived expenses. PIX solutions start in the $400 range. Many
> folks skim right past the 501 and 506 because they can't believe that that
> itty bitty wittle box can handle their big manly network. :) Sure, pricing
> is high from the 515 on up, but the entry models fit the bill nicely for
> some pretty big networks. In my opinion, if the network you are describing
> is so big/busy that a PIX 501 or 506 can't handle it, then you can afford
> to come off the dime. Of course, this does mean that user licensing comes
> into play, but it is not really that bad overall. If you can answer those
> questions definitively, I'll give you the exact model number and price.
>
> --
> Jonathan