[fw-wiz] Protecting a datacentre with a firewall

From: Lazló Carreidas (LazloCarreidas_at_netscape.net)
Date: 05/02/03

  • Next message: Jim Seymour: "Re: [fw-wiz] Soap - Was RPCs over HTTPS through the firewall"
    To: firewall-wizards@honor.icsalabs.com
    Date: Fri, 02 May 2003 16:07:06 -0400

    Hi Wizards

    I am working for a multinational company. Our IT management is worried that somebody could abuse our WAN infrastructure, and use it to attack our servers in the Headquarters (we have centralised here core business systems, and so they are used from everywhere in the world).

    Therefore, they have asked us (the security unit) to study and plan the installation of a firewall (most certainly a Cisco PIX) cluster (for failover) that would "isolate" the datacentre (about 150 servers running different flavours of Windows, NetWare, UNIX and OS/400) from the rest of the network infrastructure.

    I already know that it would be quite difficult. For example, we would need to get rid of all legacy protocols other than IP (IPX, SNA and NetBIOS for sure), have to document every address and port needed to be accessed by the users, etc...

    The main concern of our colleagues in the network unit is that we would need to span all the traffic to one (or maybe a bit more) interface on the firewall, which would maybe overload the core switch. There would also be latency issues, etc...
    Our main concern is of course the management of this firewall, due to the huge number of systems involved.

    We would like to know your opinion on this subject, if somebody did that already, it there would be better ways (ACLs and routers and switches, for example), if choosing a PIX is a good idea (performance, for example) and even if it is feasible...

    Thank you for your input


    Try AOL and get 1045 hours FREE for 45 days!

    Get AOL Instant Messenger 5.1 for FREE! Download Now!
    firewall-wizards mailing list

  • Next message: Jim Seymour: "Re: [fw-wiz] Soap - Was RPCs over HTTPS through the firewall"