Re: Small office firewall/vpn/security appliance

From: Leythos (void_at_nowhere.lan)
Date: 10/03/05


Date: Mon, 03 Oct 2005 18:03:03 GMT

In article <m2e0f.17721$p5.10827@nnrp.ca.mci.com!nnrp1.uunet.ca>,
somebody.@spamout.russdoucet.com says...
>
> "Leythos" <void@nowhere.lan> wrote in message
> news:MPG.1dab26f39fac735998a1a7@news-server.columbus.rr.com...
> > In article <1Ha0f.7$vE5.6@lakeread03>, nospam@modeldriven.org says...
> >> Great info - but I'm still not sure if you can use the hardware ports as
> >> lans - perhaps I should just tell you what I would like to do.
> >>
> >> I would like the normal untrust, DMZ and internal trust lan plus a "sort of
> >> trusted" lan for a guest wireless segment and a second DMZ on which I will
> >> connect a windows box we keep on the "outside" for Netmeeting and some other
> >> services. But I don't really want the windows box to have access to the
> >> "real" server in the DMZ since it could get more easily compromised.
> >>
> >> The Netmeeting box allows us and others to connect to it from behind
> >> firewalls since it has a static IP.
> >
> > So you want a WAN, LAN, DMZ, DMZ networks - that means 4 ports/jacks
> > with rules for each.
> >
> > The WatchGuard Firebox X700 with the Pro upgrade will give you 6
> > different network ports and allow you to set up like that.
> >
>
> For roughly double the price, yes.

Yep, but if you didn't need the 4th port you could use about any
solution and even cheaper ones.

You could set up a wireless router in your DMZ, have it issue IPs, and
then have the user VPN into the LAN in order to get LAN access.

If you select an open-source solution you can have as many NICs and
subnets as you want, but it's not as simple to set up.

Maybe put your wireless unit on a Public IP, use WPA and MAC filtering,
disable SSID broadcasting, and then have users PPTP into the network to
use it - you would only need three ports with that.

-- 
spam999free@rrohio.com
remove 999 in order to email me

