Firewalls

Well i would like to hear your opinions about defferent types of firewalls. What Firewalls are you using in your company, reasons for using them etc.

I recently replace a Firebox X Peak E-Series with a Cisco ASA 5520.

After reading this article : http://www.networkworld.com/reviews/2007/121007-firewall-test.html?page=1

I don't know if i did the right thing

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

RTmarc

FortiGate 500As and FortiGate 300As.

http://www.fortinet.com

FortiGates

hypnotoad

You must have some pretty serious bandwidth at the point where this firewall is going ??

Netstudent

Netscreen NS25 at all sites. These were purchased and in place before I started with the company. They're alright. They get the job done so I have nothing bad to say about them.

HeroPsycho

For enterprise class organizations, you really want cascading firewalls. For best security, they should be of two different core OS's. For best performance, I prefer ASIC type appliances such as a PIX or something similar on the edge, as they do a good job rapidly dropping packets that don't conform to the select few protocols or ports you're allowing in from the internet.

The second level firewall, or internal firewalls placed within the internal LAN, should be able to do more than basically packet level filtering. Ideally, it should be able to inspect traffic all the way down to the application layer for even application layer attacks. For this, I like ISA 2004/2006. It's one of the only firewall products that can do this type of traffic examination, and even inspect within an encrypted SSL tunnel.

Also, notice it is of a different base OS than the edge firewall, which guarantees that even if an intruder managed to compromise the edge, knowledge of that OS alone wouldn't allow the attacker to breach the second layer of defense.

Netstudent

For you guys that work with webservers with a backend SQL database, do you guys have a firewall just for backend database traffic or do you just redirect the web server back through the DMZ?

Ahriakin

Cisco scored highly (top 3) in their UTM tests of the same products (article referenced in this one). I agree with their criticisms though, their IPS really needs extra software/appliances for proper monitoring and of course they are not the easiest things in the world to configure correctly. But at least for small-mid sized businesses not needing that extreme bandwidth referenced in the article the ASAs are an excellent solution. $5k for a 5510 with AIP-SSM10 giving us hardware Firewall/VPN/IPS is a (relative) steal.

Quick Links

All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of