Guest
Posted: Tue Jan 25, 2005 3:06 am
Post subject: Switching Firewall solution -- need suggestions for make/mod
I am the sysadmin for a company's public website server cluster. It is
currently protected (primarily) by a Watchguard X 1000, as a firewall
solution. The problem is that it has been locking up and my manager
has instructed me to replace it with a different make and model.
So I was thinking a Cisco PIX since I've heard the name so often. Can
someone suggest for me a make/model Cisco firewall? It needs
External, Trusted and Optional interfaces. Needs PPTP VPN support,
stateful packet filtering blah blah. Basically I'm looking for an
out-of-the-box hardware firewall solution.
Our website traffic is on the order of a 1,000,000 page views a month
distributed evenly mostly on weekdays. We prob run around 1-8mbps
consistently, but the average is prob somewhere around 2mbps.
Any help is greatly appreciated.
Will

Leythos
Guest
Posted: Tue Jan 25, 2005 3:30 am
Post subject: Re: Switching Firewall solution -- need suggestions for make
In article <1106604391.198901.9530@c13g2000cwb.googlegroups.com>,
wfsmith@gmail.com says...
> I am the sysadmin for a company's public website server cluster. It is
> currently protected (primarily) by a Watchguard X 1000, as a firewall
> solution. The problem is that it has been locking up and my manager
> has instructed me to replace it with a different make and model.
I have more than 80 Firebox III units in service right now, none of them
lock-up and we manage some heavy loads. If you still have service
available, why not try and resolve the problem with support - the X
units are new and you should still have support.
Another method would be to access the WG forum on their site, many users
posting solutions and help.
> So I was thinking a Cisco PIX since I've heard the name so often. Can
> someone suggest for me a make/model Cisco firewall? It needs
> External, Trusted and Optional interfaces. Needs PPTP VPN support,
> stateful packet filtering blah blah. Basically I'm looking for an
> out-of-the-box hardware firewall solution.
If you've never configured a PIX you are not going to like the interface
at all.
> Our website traffic is on the order of a 1,000,000 page views a month
> distributed evenly mostly on weekdays. We prob run around 1-8mbps
> consistently, but the average is prob somewhere around 2mbps.
> Any help is greatly appreciated.
You might also look at how you pass the HTTP sessions inbound and the
rule you created for it.
Did you do drop-in or NAT for your network?
Did you have this problem before the X-1000 unit was installed?
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Michael J. Pelletier
Guest
Posted: Tue Jan 25, 2005 7:30 am
Post subject: Re: Switching Firewall solution -- need suggestions for make
wfsmith@gmail.com wrote:
> I am the sysadmin for a company's public website server cluster. It is
> currently protected (primarily) by a Watchguard X 1000, as a firewall
> solution. The problem is that it has been locking up and my manager
> has instructed me to replace it with a different make and model.
> So I was thinking a Cisco PIX since I've heard the name so often. Can
> someone suggest for me a make/model Cisco firewall? It needs
> External, Trusted and Optional interfaces. Needs PPTP VPN support,
> stateful packet filtering blah blah. Basically I'm looking for an
> out-of-the-box hardware firewall solution.
> Our website traffic is on the order of a 1,000,000 page views a month
> distributed evenly mostly on weekdays. We prob run around 1-8mbps
> consistently, but the average is prob somewhere around 2mbps.
> Any help is greatly appreciated.
> Will
Cisco's PIX is a good firewall. To decide which one you need to determine
what your parameters are...

Mark S
Guest
Posted: Tue Jan 25, 2005 8:18 am
Post subject: Re: Switching Firewall solution -- need suggestions for make
I'd disagree with the PIX, it might be a good firewall for 5 years ago, but
not today's environment.
Look at Netscreen, Sonicwall, Watchguard, and Fortinet. I'd also look at
updating your site's solution to more modern security policies using zoning
and application layer functionality (basic IDP).
"Michael J. Pelletier" <mjpelletier@mjpelletier.com> wrote in message
news:ubiJd.9951$rw.1024@fed1read04...
> wfsmith@gmail.com wrote:
>> I am the sysadmin for a company's public website server cluster. It is
>> currently protected (primarily) by a Watchguard X 1000, as a firewall
>> solution. The problem is that it has been locking up and my manager
>> has instructed me to replace it with a different make and model.
>> So I was thinking a Cisco PIX since I've heard the name so often. Can
>> someone suggest for me a make/model Cisco firewall? It needs
>> External, Trusted and Optional interfaces. Needs PPTP VPN support,
>> stateful packet filtering blah blah. Basically I'm looking for an
>> out-of-the-box hardware firewall solution.
>> Our website traffic is on the order of a 1,000,000 page views a month
>> distributed evenly mostly on weekdays. We prob run around 1-8mbps
>> consistently, but the average is prob somewhere around 2mbps.
>> Any help is greatly appreciated.
>> Will
> Cisco's PIX is a good firewall. To decide which one you need to determine
> what your parameters are...

Guest
Posted: Tue Jan 25, 2005 8:16 pm
Post subject: Re: Switching Firewall solution -- need suggestions for make
In fact yes, I did have problems before. We had a Firebox III 1000
which would lock up randomly about every 3-8 weeks. It required a hard
boot to get it back working.
The logs had entries that said "no free ports" and the Watchguard tech
said that there was a loopback problem with the network which was
causing this error message AND the lockups.
So we got a new one from Watchguard (the Firebox X 1000 we currently
are using). This one has frozen 3 times since we've had it. But no
"no free ports" error messages in the logs.
But there is proof of some sort of trusted-to-optional traffic
crossover. I'm using a Cisco Catalyst 2950 to create VLANs and I can
see trusted traffic travelling over my DMZ interface and vice versa.
This is what led the Watchguard tech to suspect my Firebox was
freezing because of some loopback issue.
Leythos, you seem to have a ton of Watchguard experience. Would you be
willing to help me off-newsgroup with this problem? I can probably pay
you via PayPal or sth if you can help me fix the problem.
Thanks
Will

Leythos
Guest
Posted: Tue Jan 25, 2005 11:37 pm
Post subject: Re: Switching Firewall solution -- need suggestions for make
In article <1106666170.630764.260540@c13g2000cwb.googlegroups.com>,
wfsmith@gmail.com says...
> In fact yes, I did have problems before. We had a Firebox III 1000
> which would lock up randomly about every 3-8 weeks. It required a hard
> boot to get it back working.
> The logs had entries that said "no free ports" and the Watchguard tech
> said that there was a loopback problem with the network which was
> causing this error message AND the lockups.
> So we got a new one from Watchguard (the Firebox X 1000 we currently
> are using). This one has frozen 3 times since we've had it. But no
> "no free ports" error messages in the logs.
> But there is proof of some sort of trusted-to-optional traffic
> crossover. I'm using a Cisco Catalyst 2950 to create VLANs and I can
> see trusted traffic travelling over my DMZ interface and vice versa.
> This is what led the Watchguard tech to suspect my Firebox was
> freezing because of some loopback issue.
> Leythos, you seem to have a ton of Watchguard experience. Would you be
> willing to help me off-newsgroup with this problem? I can probably pay
> you via PayPal or sth if you can help me fix the problem.
I can try - the email address is below - remove the 999 part to reply to
me. I'm not a VAR or reseller, just a user/designer that likes their
products.
I would suspect that if the problem was loop-back related, and it has
something to do with your network (including the firewall) that you will
see this problem with other firewall products, not just Watchguard.
--
spamfree999@rrohio.com
(Remove 999 to reply to me)