Re: Should I go for a firewall

From: Wolfgang Kueter (wolfgang_at_shconnect.de)
Date: 05/17/05

    Date: Tue, 17 May 2005 23:24:31 +0200
    
    

    dvraghavan1 wrote:

    > I am part of the IT team for a SW Company. We develop/maintain SW for a
    > few customers around the globe. There are abt 1000 employees in the
    > org.
    >
    > For security we are using a Checkpoint firewall on the perimeter.
    >
    > Now to improve security, we are thinking of going for internal firewall
    > also.
    >
    > I plan to subnet the network into different projects.

    In general that is a good idea.

    > My requirements for the internal firewall is that different project
    > teams should not access each other network. Also there will be a subnet
    > where common servers will be located and this should be accessible.
    > (VPNs for the client networks are handled by checkpoint)

    Correct approach.

    > My boss says a L3 switch with ACL should be sufficient for the internal
    > firewall

    CP offers VLAN possibilities.

    > whereas I feel we should go for a Netscreen / Cisco PIX as the
    > internal firewall.

    I'd not recommend using another platform for the internal filters. You say
    that you use Checkpoint, so you are probably used to it. You can manage a
    lot of firewall modules from a single central Checkpoint management
    server. Why do you want to introduce another platform besides Checkpoint?

    > Can I get the views of the people here as to the advantages or
    > disadvantages of these 2 options.
    > If there is any other suitable option that I am missing pls give that
    > too.

    Stick to what you are used to. Introducing another platform will mean more
    costs for administration, training, log analysis etc.

    Wolfgang

