Re: One Firewall with DMZ versus Two Firewalls

From: Erik (erik@geenspam.vanwesten.net)
Date: 05/17/02

• Next message: Larry W4CSC: "Re: Radio Free Virgin - peer-to-peer streaming audio/video"
• Previous message: Larry W4CSC: "Re: OT: Saving flash file from website"
• In reply to: Michael Adams: "One Firewall with DMZ versus Two Firewalls"
• Next in thread: x y: "Re: One Firewall with DMZ versus Two Firewalls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Erik <erik@geenspam.vanwesten.net>
Date: 16 May 2002 23:09:23 GMT

Michael Adams <michaeladams@no-spm.hotmail.com> wrote:
> I am looking at the prices of Firewalls with DMZ ports, and most are $1500+.
> Ones without DMZ ports are about a third the cost.

> Would I be just as well off from a security standpoint (or even better off)
> by using a router to feed two firewalls instead (one for the web server and
> one for the private network)?

> I was thinking of a topology such as that below:

> -- Firewall 1 -- Web Server
> Internet -- Router
> -- Firewall 2 -- Private Network

> I was considering using using two Zyxel Zywalls, and an SMC router, which
> would cut the cost in half. Any feedback would be appreciated.

Even better:

Internet -- Router -- Firewall -- Leg 1 eg Web server
                               -- Leg 2 eg DNS server
                               -- Leg 3 Private network 1
                               -- Leg 4 Private network 2
In other words: there is very limited added value in using 2 firewalls
where you use above setup.

The good part: It can be free of charge. Use an old computer with Linux
and shorewall (www.shorewall.net) or FreeBSD with ipfw or ipf, or
OpenBSD with pf.

With any of abovementioned products you can build firewalls at least
equal in strength as Zyxel. Do _not_ run services on your firewall.

KEEP UP WITH PATCHES on your webserver! Firewalls usually do NOT protect
your servers from attacks on content.

HTH,

EJ

-- 
For OpenBSD pf en nat rule examples: http://www.vanwesten.net 

---

• Next message: Larry W4CSC: "Re: Radio Free Virgin - peer-to-peer streaming audio/video"
• Previous message: Larry W4CSC: "Re: OT: Saving flash file from website"
• In reply to: Michael Adams: "One Firewall with DMZ versus Two Firewalls"
• Next in thread: x y: "Re: One Firewall with DMZ versus Two Firewalls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: One Firewall with DMZ versus Two Firewalls ... > I am looking at the prices of Firewalls with DMZ ports, ... > Internet -- Router ... > I was considering using using two Zyxel Zywalls, and an SMC router, which> would cut the cost in half. ... (comp.security.firewalls) Re: SonicWall Firewall ... >Many firewalls are basing there cost and level of service on ... I know that a single user generates ... If money is an important variable, ... And, then, don't forget to use Froogle fo tind the lowest cost ... (comp.security.firewalls) One Firewall with DMZ versus Two Firewalls ... I am looking at the prices of Firewalls with DMZ ports, ... Ones without DMZ ports are about a third the cost. ... Internet -- Router ... (comp.security.firewalls) One Firewall with DMZ versus Two Firewalls ... I am looking at the prices of Firewalls with DMZ ports, ... Ones without DMZ ports are about a third the cost. ... Internet -- Router ... (comp.security.firewalls) Re: One Firewall with DMZ versus Two Firewalls ... the vigor serie has dmz option and is a lot cheaper. ... > Ones without DMZ ports are about a third the cost. ... > by using a router to feed two firewalls instead (one for the web server ... > Internet -- Router ... (comp.security.firewalls)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)