Sign in with
Sign up | Sign in
Your question

question re. office networking (20+ users)

Last response: in Networking
Share
Anonymous
May 20, 2004 6:02:13 AM

Archived from groups: comp.security.firewalls (More info?)

I'm looking for a little guidance/explanation on the ins and outs of
basic office networking. I know enough to understand what I'm talking
about but lack the experience to make a confident choice in this
situation...

I'm currently working as the IT/developer for a small (20-person) firm
and their network is a mess, the result of years of neglect. They're
still using static IP, they have a gateway server w/ no special
firewall rules on it, they have a large DMZ that serves no purpose
(managed by the gateway) and are fronted by a Cisco router they can't
get access to (nobody has the password; I presume that this is
performing NAT).

I've called in a few network install technicians to get some quotes and
they keep suggesting rather expensive ($2000-3000) appliance devices -
clearly the ones they have the most personal experience with.

What I'm starting to wonder is why can't I simply do this myself? Why
not just buy one or two switches and a Linksys VPN/firewall of some
kind and set it all up myself?

As I mentioned, we have about 20-25 desktop machines that I want to
configure via DHCP services, 4-5 printers (which will require static IP
addresses), a file server (no outside access required) and a print
server (for the 4-5 printers). Web server and e-mail are both hosted by
an external service.

I'm looking to implement a protective firewall, DHCP services, NAT and
possibly VPN access in the not-too-distant future. If I ever intend to
bring web and e-mail back in-house then I'll need port forwarding for
that, as well.

Considering that we already own one 3Com Superstack 3 24-port switch
(and a slew of Baystack 255 hubs that I want to unload), I was
considering just getting one or two more Superstacks and a Linksys.

Am I being foolish in thinking that something as small as a little blue
Linksys like what I have at home can be relied on in a small/medium
office environment? Is this too taxing an application for one of those?
And what about the difference between a BEFSR11 (the single-port blue
model) something like the RV016 or RV082? Considering that I've already
got switches then is there any advantage to having ports built into the
device?

Any input, experience or suggestions would be greatly appreciated!
Anonymous
May 20, 2004 4:58:55 PM

Archived from groups: comp.security.firewalls (More info?)

In article <190520042202129135%chrisjscott@NOSPAMmindspring.com>,
chrisjscott@NOSPAMmindspring.com says...
> Am I being foolish in thinking that something as small as a little blue
> Linksys like what I have at home can be relied on in a small/medium
> office environment? Is this too taxing an application for one of those?
> And what about the difference between a BEFSR11 (the single-port blue
> model) something like the RV016 or RV082? Considering that I've already
> got switches then is there any advantage to having ports built into the
> device?

You mentioned Firewall, VPN, workstations, servers, and DMZ in your
post. 20+ workstations, 4+ printers on the network, couple servers.

In a case like this, while your web/email server is external, you don't
mention what OS you are using for your PC's and Servers. I would suggest
that you get a real firewall, something like the WatchGuard 700 series
or a SOHO6TC with an additional 25 licenses (it comes with 25 licenses,
but you need the additional ones for the extra printers/server/misc). A
SOHO 6tc is a small unit that does DHCP and full in/out filtering/rules.
It will also act as a VPN End Point.

The Linksys units, even if you get the BEFSX41, is not really a firewall
device, it's more like a simple filter that lets you strip some things
out, but a real firewall will enable you to easily secure your network.

In a situation like yours it could easily take a week of man-hours to
install a firewall, update all the computers, install/update the AV
software, ensure all patches are applied, update servers, setup DHCP,
DNS, permissions, etc....

A FB 700 is under $1600, a SOHO6tc is about $400+200 for the extra
licenses, a weeks worth of hours to do the work - well, that's something
that you can negotiate.

For you to do this yourself would be foolish. Get a professional and
then have them include time to show you what/why they are doing what
they are doing so that you can at least understand the rules/filters and
how to monitor the logs.

The only ports needed by the firewall are "WAN - External", "LAN -
Internal/Trusted" and "DMZ - Optional". The LAN port can connect
directly to your network switch without a problem.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
June 2, 2004 4:38:42 PM

Archived from groups: comp.security.firewalls (More info?)

If you are looking for a good solution that is cost effective, I would
recommend a Linux-based server. There is a good one here:
http://contribs.org

This server can act as a mail server, web server, dhcp server,
firewall, print server, and fax server. Everything is pretty much
configurable through a web browser and is very straight forward. The
server has has the ability for people to VPN in using PPTP. I have my
server set up for PPTP, and then I use remote desktop to get to my
other computer in the office. All you will need is a computer (can be
old is need be) that has 2 NIC cards in on it. One card will be your
WAN and the other will be your LAN. The software is a free download,
and the site has a wonderful support forum on it to help with
questions.

Hope this helps.


Christopher Scott <chrisjscott@NOSPAMmindspring.com> wrote in message news:<190520042202129135%chrisjscott@NOSPAMmindspring.com>...
> I'm looking for a little guidance/explanation on the ins and outs of
> basic office networking. I know enough to understand what I'm talking
> about but lack the experience to make a confident choice in this
> situation...
>
> I'm currently working as the IT/developer for a small (20-person) firm
> and their network is a mess, the result of years of neglect. They're
> still using static IP, they have a gateway server w/ no special
> firewall rules on it, they have a large DMZ that serves no purpose
> (managed by the gateway) and are fronted by a Cisco router they can't
> get access to (nobody has the password; I presume that this is
> performing NAT).
>
> I've called in a few network install technicians to get some quotes and
> they keep suggesting rather expensive ($2000-3000) appliance devices -
> clearly the ones they have the most personal experience with.
>
> What I'm starting to wonder is why can't I simply do this myself? Why
> not just buy one or two switches and a Linksys VPN/firewall of some
> kind and set it all up myself?
>
> As I mentioned, we have about 20-25 desktop machines that I want to
> configure via DHCP services, 4-5 printers (which will require static IP
> addresses), a file server (no outside access required) and a print
> server (for the 4-5 printers). Web server and e-mail are both hosted by
> an external service.
>
> I'm looking to implement a protective firewall, DHCP services, NAT and
> possibly VPN access in the not-too-distant future. If I ever intend to
> bring web and e-mail back in-house then I'll need port forwarding for
> that, as well.
>
> Considering that we already own one 3Com Superstack 3 24-port switch
> (and a slew of Baystack 255 hubs that I want to unload), I was
> considering just getting one or two more Superstacks and a Linksys.
>
> Am I being foolish in thinking that something as small as a little blue
> Linksys like what I have at home can be relied on in a small/medium
> office environment? Is this too taxing an application for one of those?
> And what about the difference between a BEFSR11 (the single-port blue
> model) something like the RV016 or RV082? Considering that I've already
> got switches then is there any advantage to having ports built into the
> device?
>
> Any input, experience or suggestions would be greatly appreciated!
Anonymous
June 3, 2004 3:28:18 AM

Archived from groups: comp.security.firewalls (More info?)

> I've called in a few network install technicians to get some quotes and
> they keep suggesting rather expensive ($2000-3000) appliance devices -
> clearly the ones they have the most personal experience with.
>
> What I'm starting to wonder is why can't I simply do this myself? Why
> not just buy one or two switches and a Linksys VPN/firewall of some
> kind and set it all up myself?
>

You can get a PIX 506e for 920 dollars or a pix 501 with a 50 user license
for even less money.

Not sure what kind of hack fly by night techs are you calling for your help
but your requirements do not require any kind of firewall over 1000 dollars.

Would you risk your job using a 99 dollar home firewall?
!