RE: [cobalt-users] Co-Lo Hardware Firewall

["Rick Ewart" <cobalt@xxxxxxxxx>]

> >Obviously it needs to have a web based administration although I
don't
> see
> >any need for VPN support at the moment.
> >I have been looking at the Sonicwall soho3 which seems to fit the
bill,
> at
> >present 10 IP addresses would be enough and this can be upgraded to
25 or
> 50
> >if needed including VPN support for 25 and above. Although they do
charge
> an
> >annual fee for firmware updates etc.
> 
> >I know we could do this with ipchains etc but I feel a hardware
firewall
> >might be a better option and easier for management etc and could also
be
> >used for more than one server.
> 
> >Any one any thoughts or recommendations ?.
> 
> >Paul.
> 
> We have been using Sonicwall and their biggest drawback is support.
The
> wait to is a bit long but they have improved.  I have not seen any
issues
> with Soho3 yet and their latest firmware is pretty stable.

Going with the firewall is the way to go, IMHO. Provides some DOS
protection, as I have discussed with other folks. Also, attacks on
things like slapper become a non-issue unless you are allowing remote
access to the particular service.

You might want to look at the Pro 100. It?s the same footprint but has a
DMZ port, which might give you added flexibility. Costs more but it will
probably make it much easier to do a lot of stuff. Has the VPN too, I
think, which might make it possible to set it up on the 2nd NICs and
turn off public SSH and stuff. That could do a lot to increase
security/cut down on garbage.

My 2 cents. Hope it helps.

Rick