Network Setup

Guest
Archived from groups: comp.security.firewalls

I'll give ya a little bit of background on my current situation:

As of right now I have an 8-port Linksys BEFSR81 Router/switch and a
SmartLink 8-port switch.
I have a server running Windows Small Business Server 2003, and using IIS
6.0 to run multiple websites.
We are on ADSL internet and have 5 IPs available to us, however right now we
are only using one because that is all the Linksys can handle.

Our business is expanding and all the slots in our switches are full, so we
are looking to get a new switch and a firewall. It would be nice if the
firewall had anti-spam and anti-virus built in. VPN isn't really needed.

I would also like to be able to assign multiple external IPs to the server so I can
host the different websites on different IPs, if that is possible.

Does anyone have any suggestions on what hardware I should get, and a possible
configuration?

Thanks,

Chris
 
Guest

Chris Thomas wrote:

> I'll give ya a little bit of background on my current situation:
>
> As of right now I have an 8-port Linksys BEFSR81 Router/switch and a
> SmartLink 8-port switch.
> I have a server running Windows Small Business Server 2003, and using IIS
> 6.0 to run multiple websites.
> We are on ADSL internet and have 5 IPs available to us, however right now we
> are only using one because that is all the Linksys can handle.
>
> Our business is expanding and all the slots in our switches are full, so we
> are looking to get a new switch and a firewall. It would be nice if the
> firewall had anti-spam and anti-virus built in. VPN isn't really needed.
>
> I would also like to be able to assign multiple external IPs to the server so I can
> host the different websites on different IPs, if that is possible.
>
> Does anyone have any suggestions on what hardware I should get, and a possible
> configuration?
>
> Thanks,
>
> Chris
>
>
Chris,

I do not believe you will find a firewall with any spam or virus
filters. Firewalls are not content filters; they do not care what the
packet contains. I would look at the Cisco 501 or a SonicWall product;
these are basic SOHO firewalls that provide stateful packet inspection.


Chad
 
Guest

The spam and virus protection aren't really important on the firewall. (I
thought I saw it on the Firebox X700.)

I really want to try to figure out how to arrange the switches so that the
server can have multiple external IPs, and the clients share one.

Chris

"Chad Mahoney" <spamme@mah0ney.com> wrote in message
news:10806qpkc54je15@news.supernews.com...
> Chris Thomas wrote:
>
> > I'll give ya a little bit of background on my current situation:
> >
> > As of right now I have an 8-port Linksys BEFSR81 Router/switch and a
> > SmartLink 8-port switch.
> > I have a server running Windows Small Business Server 2003, and using IIS
> > 6.0 to run multiple websites.
> > We are on ADSL internet and have 5 IPs available to us, however right now we
> > are only using one because that is all the Linksys can handle.
> >
> > Our business is expanding and all the slots in our switches are full, so we
> > are looking to get a new switch and a firewall. It would be nice if the
> > firewall had anti-spam and anti-virus built in. VPN isn't really needed.
> >
> > I would also like to be able to assign multiple external IPs to the server so I can
> > host the different websites on different IPs, if that is possible.
> >
> > Does anyone have any suggestions on what hardware I should get, and a possible
> > configuration?
> >
> > Thanks,
> >
> > Chris
> >
> Chris,
>
> I do not believe you will find a firewall with any spam or virus
> filters. Firewalls are not content filters; they do not care what the
> packet contains. I would look at the Cisco 501 or a SonicWall product;
> these are basic SOHO firewalls that provide stateful packet inspection.
>
> Chad
 
Guest

Chris Thomas wrote:

> The spam and virus protection aren't really important on the firewall. (I
> thought I saw it on the Firebox X700.)
>
> I really want to try to figure out how to arrange the switches so that the
> server can have multiple external IPs, and the clients share one.
>
> Chris
>
> "Chad Mahoney" <spamme@mah0ney.com> wrote in message
> news:10806qpkc54je15@news.supernews.com...
>
>>Chris Thomas wrote:
>>
>>>I'll give ya a little bit of background on my current situation:
>>>
>>>As of right now I have an 8-port Linksys BEFSR81 Router/switch and a
>>>SmartLink 8-port switch.
>>>I have a server running Windows Small Business Server 2003, and using IIS
>>>6.0 to run multiple websites.
>>>We are on ADSL internet and have 5 IPs available to us, however right now we
>>>are only using one because that is all the Linksys can handle.
>>>
>>>Our business is expanding and all the slots in our switches are full, so we
>>>are looking to get a new switch and a firewall. It would be nice if the
>>>firewall had anti-spam and anti-virus built in. VPN isn't really needed.
>>>
>>>I would also like to be able to assign multiple external IPs to the server so I can
>>>host the different websites on different IPs, if that is possible.
>>>
>>>Does anyone have any suggestions on what hardware I should get, and a possible
>>>configuration?
>>>
>>>Thanks,
>>>
>>>Chris
>>>
>>
>>Chris,
>>
>>I do not believe you will find a firewall with any spam or virus
>>filters. Firewalls are not content filters; they do not care what the
>>packet contains. I would look at the Cisco 501 or a SonicWall product;
>>these are basic SOHO firewalls that provide stateful packet inspection.
>>
>>Chad
>
Not sure on the Firebox. What I would suggest is having a private
address scheme for your internal network (192.168.1.1-192.168.1.254). In
order to have your webserver listen on multiple external addresses you can
perform a static NAT translation from your internal network to the
external IP. For example, say your webserver's IP is 192.168.1.2 and your
external IPs are 66.11.11.1-66.11.11.5, and you wish to use
66.11.11.2 for one of your webservers: you would tell your firewall to
forward any traffic with a destination of 66.11.11.2 on port 80
to your internal webserver 192.168.1.2. However, if you need
multiple IPs to respond you would have to install multiple NICs in
your webserver and assign an additional IP such as 192.168.1.3 with external
address 66.11.11.3, then configure your DNS server so that www.domainA.com
points to 66.11.11.2 and www.DOMAINB.com points to 66.11.11.3. With a
Cisco PIX this can be done with the following commands:


static (inside,outside) 66.11.11.2 192.168.1.2 netmask 255.255.255.255
static (inside,outside) 66.11.11.3 192.168.1.3 netmask 255.255.255.255

access-list 101 permit tcp any host 66.11.11.2 eq www
access-list 101 permit tcp any host 66.11.11.3 eq www

access-group 101 in interface outside


Then you could NAT the rest of your internal IPs like so:

nat (inside) 10 0.0.0.0 0.0.0.0
global (outside) 10 interface

This will NAT your internal clients to the public IP of the firewall, so
outbound traffic from a client at 192.168.1.100 will look like it came
from the public IP of the firewall.

Chad
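
An added example (not part of the original post, and not a Cisco tool): a small Python audit of the static NAT and access-list pattern described above, reporting which public IPs and ports end up exposed and flagging permits with no static mapping, statics with no permit, and an access-list that is never applied to the outside interface. It parses only the subset of PIX syntax shown in the post; the stray 66.11.11.4 rule in the sample is constructed for illustration.

```python
import re

# Constructed sample: the static and access-list lines from the post, plus one
# deliberately stray permit (66.11.11.4 / 3389) so the audit has something to flag.
SAMPLE_CONFIG = """\
static (inside,outside) 66.11.11.2 192.168.1.2 netmask 255.255.255.255
static (inside,outside) 66.11.11.3 192.168.1.3 netmask 255.255.255.255
access-list 101 permit tcp any host 66.11.11.2 eq www
access-list 101 permit tcp any host 66.11.11.3 eq www
access-list 101 permit tcp any host 66.11.11.4 eq 3389
access-group 101 in interface outside
"""

STATIC_RE = re.compile(r"static \(inside,outside\) (\S+) (\S+) netmask 255\.255\.255\.255")
PERMIT_RE = re.compile(r"access-list (\S+) permit tcp any host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface outside")


def audit(config, allowed_ports=frozenset({"www", "80"})):
    """Return (exposure, findings) for the subset of PIX syntax used in the post."""
    statics, permits, bound = {}, [], set()
    for line in (raw.strip() for raw in config.splitlines()):
        if m := STATIC_RE.fullmatch(line):
            statics[m.group(1)] = m.group(2)          # public IP -> internal IP
        elif m := PERMIT_RE.fullmatch(line):
            permits.append(m.groups())                # (acl, public IP, port)
        elif m := GROUP_RE.fullmatch(line):
            bound.add(m.group(1))                     # ACLs applied to outside

    exposure, findings = {}, []
    for acl in sorted({p[0] for p in permits} - bound):
        findings.append(f"access-list {acl} is not applied to the outside interface")
    for acl, public, port in permits:
        if acl not in bound:
            continue                                  # unapplied rule has no effect
        if public not in statics:
            findings.append(f"permit for {public}:{port} has no static mapping")
            continue
        if port not in allowed_ports:
            findings.append(f"{public}:{port} is outside the allowed port set")
        exposure.setdefault(public, (statics[public], []))[1].append(port)
    for public, internal in statics.items():
        if public not in exposure:
            findings.append(f"static {public} -> {internal} has no inbound permit")
    return exposure, findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
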
 
Guest

On Fri, 16 Apr 2004 14:03:02 -0400, Chris Thomas spoketh

>The spam and virus protection aren't really important on the firewall. (I
>thought I saw it on the Firebox X700.)
>
>I really want to try to figure out how to arrange the switches so that the
>server can have multiple external IPs, and the clients share one.
>
>Chris
>

As has been mentioned before, a firewall's primary task is not spam and
virus filtering, but some (such as the WatchGuard Firebox) do come with
some functionality to handle this type of task.


Most of the firewall appliances (including the SonicWalls, the
WatchGuards and the Cisco PIXes) can handle multiple external IP
addresses, and redirecting them to any internal IP address you may want.
This is often referred to as one-to-one NAT, where one external IP
address is mapped to one internal IP address.

There are two ways of having several web sites hosted on one computer.
You can create a number of virtual IP addresses on the same server, and
then host a web server on each IP address. The second method is using
virtual web servers, where all the sites are hosted on the same IP
address, but the web server distinguishes between websites based on the
hostname. So, www.yourdomain.com will be one virtual server, and
forums.yourdomain.com will be another virtual server. Should be fairly
easy to configure on IIS 6.

Your network layout wouldn't be anything unusual, but rather
straightforward:

Internet -- ADSL modem -- Firewall -- Switch -- LAN

So, the designated WAN port on your firewall connects to the DSL modem,
and one of the LAN ports (if there is more than one) connects to your
internal switch. All your internal clients and servers connect to the
same switch.



Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
 
Guest

In article <cMTfc.33119$vF3.1934616@news20.bellglobal.com>,
chris@designvariation.com says...
> I'll give ya a little bit of background on my current situation:
>
> As of right now I have an 8-port Linksys BEFSR81 Router/switch and a
> SmartLink 8-port switch.
> I have a server running Windows Small Business Server 2003, and using IIS
> 6.0 to run multiple websites.
> We are on ADSL internet and have 5 IPs available to us, however right now we
> are only using one because that is all the Linksys can handle.
>
> Our business is expanding and all the slots in our switches are full, so we
> are looking to get a new switch and a firewall. It would be nice if the
> firewall had anti-spam and anti-virus built in. VPN isn't really needed.
>
> I would also like to be able to assign multiple external IPs to the server so I can
> host the different websites on different IPs, if that is possible.
>
> Does anyone have any suggestions on what hardware I should get, and a possible
> configuration?

This one is easy:

A Firebox 700 to protect the network, to filter attachments out of
inbound SMTP, and the web blocker service to filter questionable web
browsing activity by the employees.

Since Exchange 2003 (part of SB2003) already permits configuration of
public RBL servers, and blocking by other means, you've got all you need
in the firewall + what you already have.


--
spamfree999@rrohio.com
(Remove 999 to reply to me)