Network Setup

Archived from groups: comp.security.firewalls (More info?)

I'll give ya a little bit of background on my current situation:

As of right now I have an 8-port Linksys BEFSR81 router/switch and a
SmartLink 8-port switch.
I have a server running Windows Small Business Server 2003, and using IIS
6.0 to run multiple websites.
We are on ADSL internet and have 5 IPs available to us, however right now we
are only using one because that is all the Linksys can handle.

Our business is expanding and all the slots in our switches are full, so we
are looking to get a new switch and a firewall. It would be nice if the
firewall had anti-spam and anti-virus built in. VPN isn't really needed.

I would also be able to assign multiple external IPs to the server so I can
host the different websites on different IPs, if that is possible.

Does anyone have any suggestions on what hardware I should get, and possible
configuration?

Thanks,

Chris
  1.

    Chris Thomas wrote:

    > I'll give ya a little bit of background on my current situation:
    >
    > As of right now I have an 8-port Linksys BEFSR81 router/switch and a
    > SmartLink 8-port switch.
    > I have a server running Windows Small Business Server 2003, and using IIS
    > 6.0 to run multiple websites.
    > We are on ADSL internet and have 5 IPs available to us, however right now we
    > are only using one because that is all the Linksys can handle.
    >
    > Our business is expanding and all the slots in our switches are full, so we
    > are looking to get a new switch and a firewall. It would be nice if the
    > firewall had anti-spam and anti-virus built in. VPN isn't really needed.
    >
    > I would also be able to assign multiple external IPs to the server so I can
    > host the different websites on different IPs, if that is possible.
    >
    > Does anyone have any suggestions on what hardware I should get, and possible
    > configuration?
    >
    > Thanks,
    >
    > Chris
    >
    >
    Chris,

    I do not believe you will find a firewall with any spam or virus
    filters. Firewalls are not content filters; they do not care what the
    packet contains. I would look at the Cisco 501 or a SonicWALL product;
    these are basic SOHO firewalls that provide stateful packet inspection.


    Chad
  2.

    The spam and virus protection aren't really important on the firewall. (I
    thought I saw it on the Firebox X700.)

    I really want to try to figure out how to arrange the switches so that the
    server can have multiple external IPs, and the clients share one.

    Chris

  3.

    Chris Thomas wrote:

    > The spam and virus protection aren't really important on the firewall. (I
    > thought I saw it on the Firebox X700.)
    >
    > I really want to try to figure out how to arrange the switches so that the
    > server can have multiple external IPs, and the clients share one.
    >
    > Chris
    >
    Not sure on the Firebox. What I would suggest is having a private
    address scheme for your internal network (192.168.1.1-192.168.1.254). In
    order to have your webserver listen on multiple external addresses, you can
    perform a static NAT translation from your internal network to the
    external IP. For example, say your webserver's IP is 192.168.1.2 and your
    external IPs are 66.11.11.1-66.11.11.5, and you wish to use
    66.11.11.2 for one of your webservers: you would tell your firewall to
    forward any traffic with a destination of 66.11.11.2 on port 80
    to your internal webserver 192.168.1.2. However, if you need
    multiple IPs to respond, you would have to install multiple NICs in
    your webserver and assign an additional IP such as 192.168.1.3 with external
    address 66.11.11.3, then configure your DNS server so that www.domainA.com
    points to 66.11.11.2 and www.DOMAINB.com points to 66.11.11.3. With a
    Cisco PIX this can be done with the following commands:


    static (inside,outside) 66.11.11.2 192.168.1.2 netmask 255.255.255.255
    static (inside,outside) 66.11.11.3 192.168.1.3 netmask 255.255.255.255

    access-list 101 permit tcp any host 66.11.11.2 eq www
    access-list 101 permit tcp any host 66.11.11.3 eq www

    access-group 101 in interface outside


    Then you could NAT the rest of your internal IPs like so:

    nat (inside) 10 0.0.0.0 0.0.0.0
    global (outside) 10 interface

    This will NAT your internal clients to the public IP of the firewall, so
    outbound traffic from a client at 192.168.1.100 will look like it came
    from the public IP of the firewall.

    Chad
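
Added example (not part of the post above, and not a vendor tool): a small Python check over the `static` / `access-list` / `access-group` lines from this reply, flagging a permit list that is never bound to the outside interface, permits that point at an address with no static mapping, and mappings opened on every port. It parses only the simplified line forms shown in this thread, and the sample config is constructed from the post's example addresses.

```python
import re

# Constructed sample: the layout from the post, with the ACL bound to "outside".
SAMPLE = """\
static (inside,outside) 66.11.11.2 192.168.1.2 netmask 255.255.255.255
static (inside,outside) 66.11.11.3 192.168.1.3 netmask 255.255.255.255
access-list 101 permit tcp any host 66.11.11.2 eq www
access-list 101 permit tcp any host 66.11.11.3 eq www
access-group 101 in interface outside
"""

STATIC = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+)")
ACE = re.compile(r"^access-list (\S+) permit (\w+) any (?:host (\S+)|any)(?: eq (\S+))?")
GROUP = re.compile(r"^access-group (\S+) in interface (\w+)")

def audit(config, outside="outside"):
    """Return a list of findings about what the config exposes on `outside`."""
    statics, aces, bound = {}, [], set()
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            if m.group(2) == outside:
                statics[m.group(3)] = m.group(4)      # public IP -> private IP
        elif m := ACE.match(line):
            aces.append(m.groups())                   # (acl, proto, dst, port)
        elif m := GROUP.match(line):
            if m.group(2) == outside:
                bound.add(m.group(1))
    findings = []
    if not bound:
        findings.append("no access-list bound to outside: permits have no effect")
    for acl, proto, dst, port in aces:
        if acl not in bound:
            continue                                  # unbound ACLs filter nothing
        if dst is None:
            findings.append(f"acl {acl}: {proto} permitted to any destination")
        elif dst not in statics:
            findings.append(f"acl {acl}: permit to {dst} has no static mapping")
        elif port is None:
            findings.append(f"acl {acl}: all {proto} ports open to {dst}")
    permitted = {dst for acl, _, dst, _ in aces if acl in bound}
    for pub, priv in statics.items():
        if pub not in permitted and None not in permitted:
            findings.append(f"static {pub} -> {priv} is unreachable (no permit)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["no findings"]:
        print(finding)
```
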
  4.

    On Fri, 16 Apr 2004 14:03:02 -0400, Chris Thomas spoketh

    >The spam and virus protection aren't really important on the firewall. (I
    >thought I saw it on the Firebox X700.)
    >
    >I really want to try to figure out how to arrange the switches so that the
    >server can have multiple external IPs, and the clients share one.
    >
    >Chris
    >

    As has been mentioned before, a firewall's primary task is not spam and
    virus filtering, but some (such as the WatchGuard Firebox) do come with
    some functionality to handle this type of task.


    Most of the firewall appliances (including the SonicWALLs, the
    WatchGuards and the Cisco PIXes) can handle multiple external IP
    addresses, and redirecting them to any internal IP address you may want.
    This is often referred to as one-to-one NAT, where one external IP
    address is mapped to one internal IP address.

    There are two ways of having several web sites hosted on one computer.
    You can create a number of virtual IP addresses on the same server, and
    then host a web server on each IP address. The second method is using
    virtual web servers, where all the sites are hosted on the same IP
    address, but the web server distinguishes between websites based on the
    hostname. So, www.yourdomain.com will be one virtual server, and
    forums.yourdomain.com will be another virtual server. Should be fairly
    easy to configure on IIS 6.

    Your network layout wouldn't be anything unusual, but rather
    straightforward:

    Internet -- ADSL modem -- Firewall -- Switch -- LAN

    So, the designated WAN port on your firewall connects to the DSL modem,
    and one of the LAN ports (if there is more than one) connects to your
    internal switch. All your internal clients and servers connect to the
    same switch.


    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  5.

    In article <cMTfc.33119$vF3.1934616@news20.bellglobal.com>,
    chris@designvariation.com says...
    > I'll give ya a little bit of background on my current situation:
    >
    > As of right now I have an 8-port Linksys BEFSR81 router/switch and a
    > SmartLink 8-port switch.
    > I have a server running Windows Small Business Server 2003, and using IIS
    > 6.0 to run multiple websites.
    > We are on ADSL internet and have 5 IPs available to us, however right now we
    > are only using one because that is all the Linksys can handle.
    >
    > Our business is expanding and all the slots in our switches are full, so we
    > are looking to get a new switch and a firewall. It would be nice if the
    > firewall had anti-spam and anti-virus built in. VPN isn't really needed.
    >
    > I would also be able to assign multiple external IPs to the server so I can
    > host the different websites on different IPs, if that is possible.
    >
    > Does anyone have any suggestions on what hardware I should get, and possible
    > configuration?

    This one is easy:

    A Firebox 700 to protect the network, to filter attachments out of
    inbound SMTP, and the web blocker service to filter questionable web
    browsing activity by the employees.

    Since Exchange 2003 (part of SB2003) already permits configuration of
    public RBL servers, and blocking by other means, you've got all you need
    in the firewall + what you already have.


    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)