[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] Qube3 vs. MS ISA

Subject: Re: [cobalt-developers] Qube3 vs. MS ISA
From: Malcolm McLeary <mmcleary@xxxxxxx>
Date: Fri Jun 27 18:30:01 2003
List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>

Hi Matthew,

on 28/6/03 2:41 AM, Matthew Eckmann wrote:

> New to the Qube3 World. I'm setting up my company's website and
> interested in using the Qube3 or MS ISA as our Firewall. I need this
> Firewall to examine Internet packets and either send them on to the
> separate Webserver, Email server, or the LAN. From my research, I gather
> that I will rely heavily on a series of firewall rules to either accept,
> deny, or forward the request on.

On the Qube3 forwarding packets to other internal hosts is not handled by
firewall rules.

Firewall rules will examine packets based on certain criteria and allow or
deny the packet through to be processed further.

Port Forwarding will redirect traffic for particular ports through to other
hosts.

> First, can the Qube3 handle this kind of work for a website that
> receives 30,000+ hits per day?

Can't say for sure.  It would depend on what else the Qube3 is configured to
do.  It will also depend on the amount of traffic generated by a "hit".

> Second, what issues might I encounter with DNS etc. with the Qube3?

I believe DNS on a Qube3 work quite well, however I only use my Qubes as
local and forwarding DNS servers.  I host my real Pri and Sec DNS externally
at my ISP.  My Qubes resolve local servers and forward all other requests to
external servers.

> Third, any better resources out there for this kind of setup than the
> Qube3 Manual?

Setting up local DNS on a Qube3 is straight forward.

Setting up Port Forwarding on a Qube3 is straight forward.

Setting up Firewall rules requires you to know what you are doing.  The GUI
is straight forward, but provides no assistance in what rules need to be
established.

Have a read of "Linux Firewalls" by Robert L. Ziegler

Have a look at;

    http://www.linux-firewall-tools.com/linux/

> I need to be sure that the Qube3 is a better choice than MS ISA. And my
> boss needs me to be sure that I'm sure.

Can't really say as I've never seen MS ISA.

If the Qube3 Basic Firewall is deficient in any way you can always install
the Adaptive Firewall.

Cheers,  Malcolm

Follow-Ups:
- Re: [cobalt-developers] Qube3 vs. MS ISA
  - From: Brian N. Smith

References:
- [cobalt-developers] Qube3 vs. MS ISA
  - From: Matthew Eckmann

Prev by Date: Re: [cobalt-developers] OpenWeb Mail nam@xxxxxxxxxxxxxx
Next by Date: Re: [cobalt-developers] Qube3 vs. MS ISA
Previous by thread: [cobalt-developers] Qube3 vs. MS ISA
Next by thread: Re: [cobalt-developers] Qube3 vs. MS ISA

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index