question re. office networking (20+ users)

Archived from groups: comp.security.firewalls

I'm looking for a little guidance/explanation on the ins and outs of
basic office networking. I know enough to understand what I'm talking
about but lack the experience to make a confident choice in this
situation...

I'm currently working as the IT/developer for a small (20-person) firm
and their network is a mess, the result of years of neglect. They're
still using static IP, they have a gateway server w/ no special
firewall rules on it, they have a large DMZ that serves no purpose
(managed by the gateway) and are fronted by a Cisco router they can't
get access to (nobody has the password; I presume that this is
performing NAT).

I've called in a few network install technicians to get some quotes and
they keep suggesting rather expensive ($2000-3000) appliance devices -
clearly the ones they have the most personal experience with.

What I'm starting to wonder is why can't I simply do this myself? Why
not just buy one or two switches and a Linksys VPN/firewall of some
kind and set it all up myself?

As I mentioned, we have about 20-25 desktop machines that I want to
configure via DHCP services, 4-5 printers (which will require static IP
addresses), a file server (no outside access required) and a print
server (for the 4-5 printers). Web server and e-mail are both hosted by
an external service.

I'm looking to implement a protective firewall, DHCP services, NAT and
possibly VPN access in the not-too-distant future. If I ever intend to
bring web and e-mail back in-house then I'll need port forwarding for
that, as well.

Considering that we already own one 3Com Superstack 3 24-port switch
(and a slew of Baystack 255 hubs that I want to unload), I was
considering just getting one or two more Superstacks and a Linksys.

Am I being foolish in thinking that something as small as a little blue
Linksys like what I have at home can be relied on in a small/medium
office environment? Is this too taxing an application for one of those?
And what about the difference between a BEFSR11 (the single-port blue
model) and something like the RV016 or RV082? Considering that I've already
got switches then is there any advantage to having ports built into the
device?

Any input, experience or suggestions would be greatly appreciated!
  1.

    In article <190520042202129135%chrisjscott@NOSPAMmindspring.com>,
    chrisjscott@NOSPAMmindspring.com says...
    > Am I being foolish in thinking that something as small as a little blue
    > Linksys like what I have at home can be relied on in a small/medium
    > office environment? Is this too taxing an application for one of those?
    > And what about the difference between a BEFSR11 (the single-port blue
    > model) and something like the RV016 or RV082? Considering that I've already
    > got switches then is there any advantage to having ports built into the
    > device?

    You mentioned Firewall, VPN, workstations, servers, and DMZ in your
    post. 20+ workstations, 4+ printers on the network, couple servers.

    In a case like this, while your web/email server is external, you don't
    mention what OS you are using for your PCs and servers. I would suggest
    that you get a real firewall, something like the WatchGuard 700 series
    or a SOHO6TC with an additional 25 licenses (it comes with 25 licenses,
    but you need the additional ones for the extra printers/server/misc). A
    SOHO 6tc is a small unit that does DHCP and full in/out filtering/rules.
    It will also act as a VPN End Point.

    The Linksys units, even if you get the BEFSX41, are not really firewall
    devices; they're more like a simple filter that lets you strip some things
    out, but a real firewall will enable you to easily secure your network.

    In a situation like yours it could easily take a week of man-hours to
    install a firewall, update all the computers, install/update the AV
    software, ensure all patches are applied, update servers, set up DHCP,
    DNS, permissions, etc.

    A FB 700 is under $1600, a SOHO6tc is about $400+200 for the extra
    licenses, a week's worth of hours to do the work - well, that's something
    that you can negotiate.

    For you to do this yourself would be foolish. Get a professional and
    then have them include time to show you what/why they are doing what
    they are doing so that you can at least understand the rules/filters and
    how to monitor the logs.

    The only ports needed by the firewall are "WAN - External", "LAN -
    Internal/Trusted" and "DMZ - Optional". The LAN port can connect
    directly to your network switch without a problem.

    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  2.

    If you are looking for a good solution that is cost effective, I would
    recommend a Linux-based server. There is a good one here:
    http://contribs.org

    This server can act as a mail server, web server, DHCP server,
    firewall, print server, and fax server. Everything is pretty much
    configurable through a web browser and is very straightforward. The
    server has the ability for people to VPN in using PPTP. I have my
    server set up for PPTP, and then I use remote desktop to get to my
    other computer in the office. All you will need is a computer (can be
    old if need be) that has 2 NIC cards in it. One card will be your
    WAN and the other will be your LAN. The software is a free download,
    and the site has a wonderful support forum on it to help with
    questions.

    Hope this helps.

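
As an added illustration (not part of the original posts, and not the configuration shipped by the server recommended above), this is what the two-NIC WAN/LAN gateway described in the thread looks like as a default-deny nftables ruleset with NAT. The interface names `wan0` and `lan0` and the 192.168.10.0/24 subnet are assumptions, and IPv4 forwarding (`net.ipv4.ip_forward=1`) is assumed to be enabled separately.

```nftables
#!/usr/sbin/nft -f
# Constructed example for a two-NIC Linux gateway. Assumed names:
#   wan0 = interface facing the upstream router, lan0 = interface on the
#   office switch, 192.168.10.0/24 = office LAN (placeholder addressing).
flush ruleset

define WAN = "wan0"
define LAN = "lan0"
define LAN_NET = 192.168.10.0/24

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # Services the gateway itself offers, reachable from the LAN only
        iifname $LAN udp dport { 53, 67 } accept    # DNS, DHCP
        iifname $LAN tcp dport { 22, 53 } accept    # SSH admin, DNS
        iifname $LAN icmp type echo-request accept
        # Nothing is accepted from the WAN side; log a sample of the drops
        iifname $WAN limit rate 10/minute log prefix "wan-in-drop: "
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Only LAN-sourced addresses may initiate connections outward
        iifname $LAN oifname $WAN ip saddr $LAN_NET accept
        # A later port forward (in-house web or mail) needs a dnat rule
        # in the nat table plus an explicit accept here; none is open now.
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # Hide the office LAN behind the gateway's WAN address
        oifname $WAN ip saddr $LAN_NET masquerade
    }
}
```

The `wan-in-drop:` log prefix gives a single string to search for when reviewing what the gateway is rejecting from the outside.
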
  3.

    > I've called in a few network install technicians to get some quotes and
    > they keep suggesting rather expensive ($2000-3000) appliance devices -
    > clearly the ones they have the most personal experience with.
    >
    > What I'm starting to wonder is why can't I simply do this myself? Why
    > not just buy one or two switches and a Linksys VPN/firewall of some
    > kind and set it all up myself?
    >

    You can get a PIX 506e for 920 dollars or a PIX 501 with a 50 user license
    for even less money.

    Not sure what kind of hack fly-by-night techs you are calling for help,
    but your requirements do not require any kind of firewall over 1000 dollars.

    Would you risk your job using a 99 dollar home firewall?