Re: Firewall/VPN

From: Leythos (void_at_nowhere.com)
Date: 12/03/03


Date: Wed, 03 Dec 2003 12:20:30 GMT

In article <1f21a4da.0312022317.3e6cef5b@posting.google.com>,
arman_legend@hotmail.com says...
> I have been looking into some Firewall/VPN boxes. Different brands
> such as Cisco, Snapgear, D-Link, CheckPoint, WatchGuard... (I want
> the ones that are DMZ capable. They actually have an extra port called
> DMZ)
> It seems like most of them are able to perform the same job. Like I
> was comparing one of the D-Link ones with a Cisco and I realized that
> the D-Link, regardless of having as many features or even more, seems to
> be much less expensive!
>
> Could someone please tell me what's the main thing that distinguishes a
> good Firewall/VPN box from a standard one? Or it's just a brand name
> like BMW and Merc?

The difference is the level of protection you are going to get.

As an example, the D-Link and Linksys Firewall (so named by the vendor)
are really NAT/PAT devices that are also able to forward and block some
ports.

The WatchGuard device can actually filter ActiveX, cookies, etc. out
of your web browsing experience. It can also remove attachments from
email (such as MIME types that contain executable files).

Most firewall devices can sense an attack (not the D-Link and Linksys)
and then block the IP for XX minutes. Most of the firewall devices (not
the D-Link and Linksys) will block outbound traffic (as well as inbound)
from any port to any port.

In the case of the D-Link and Linksys DMZ ports, all traffic not covered
in a "port forwarding" rule is passed to the DMZ.

In the case of a firewall, the DMZ port has the same protections as the
LAN port - meaning it can have a bunch of rules specific to it - nothing
is forwarded to the DMZ by default.

-- 
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
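
The two DMZ behaviours described in the post above, modelled side by side as an added example (not part of the original post and not any vendor's code). The addresses, rule sets and inbound connection list are constructed, and only unsolicited inbound traffic is modelled (no connection state tracking).

```python
from dataclasses import dataclass

# Constructed internal addresses, not taken from the post.
WEB_SERVER = "192.168.1.10"
DMZ_HOST = "192.168.1.50"

@dataclass(frozen=True)
class Rule:
    proto: str
    port: int
    dest: str  # internal host that receives matching inbound traffic

def nat_router_dmz(rules, proto, port, dmz_host=DMZ_HOST):
    """NAT/PAT box with a 'DMZ' setting: a port-forward rule wins,
    anything not covered by a rule is passed to the DMZ host."""
    for r in rules:
        if (r.proto, r.port) == (proto, port):
            return r.dest
    return dmz_host  # catch-all: the DMZ host sees every other port

def firewall_dmz(rules, proto, port):
    """Firewall with a DMZ interface: only explicit rules pass traffic,
    nothing is forwarded to the DMZ by default."""
    for r in rules:
        if (r.proto, r.port) == (proto, port):
            return r.dest
    return None  # default deny: dropped

def exposure(decide, rules, inbound, host):
    """List the inbound (proto, port) pairs that get delivered to `host`."""
    return [p for p in inbound if decide(rules, *p) == host]

# Constructed rule sets: one web forward on the NAT box; the firewall
# additionally has one explicit rule allowing mail to the DMZ host.
NAT_FORWARDS = [Rule("tcp", 80, WEB_SERVER)]
FW_RULES = [Rule("tcp", 80, WEB_SERVER), Rule("tcp", 25, DMZ_HOST)]

# Constructed sample of unsolicited inbound connections from the WAN side.
INBOUND = [("tcp", 80), ("tcp", 25), ("tcp", 445), ("udp", 161), ("tcp", 3389)]

if __name__ == "__main__":
    print("NAT/PAT DMZ host receives:", exposure(nat_router_dmz, NAT_FORWARDS, INBOUND, DMZ_HOST))
    print("Firewall DMZ host receives:", exposure(firewall_dmz, FW_RULES, INBOUND, DMZ_HOST))
```

On the NAT/PAT model the DMZ host must be hardened as if it sat directly on the Internet, since every port without a forwarding rule lands on it.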

