internal firewall for Data-center - Firewalls


Thread: internal firewall for Data-center

  1. internal firewall for Data-center

    Hello... I am working on a project to allocate some protection to
    segregate Data-center A from the rest of the user community, and there
    are some requirements:
    1) Data-center A does not have an internet connection directly, but it
    can access the internet via another data-center, B.
    2) Each server in data-center A will be accessed from the user community
    with only specific ports/protocols open.
    3) Each server in data-center A will be fully open to data-center B.
    4) Ideally, the IP address of each server in data-center A will not be
    changed after this internal firewall is put in place.
    5) The servers are Windows 2003 for file server, printer server,
    exchange server, SQL server, Web server and the regional domain
    controller (DC).
    6) The main DC and Exchange are located in data-center B.
    7) The data-center is split into 2 networks, one for production, the
    other for QA.
    8) We have no direct control over data-center B.

    My question is: what kind of Cisco product can achieve this
    request?

    Thanks,
    fshguo.


  2. Re: internal firewall for Data-center

    On Oct 1, 10:38 am, yvette...@gmail.com wrote:
    > Hello...I am working on a project to allocate some protection to
    > segregate the Data-center A from the rest of user community. and there
    > are some requirements:
    > 1) this data-center A do not have internet connection directly, but it
    > can access the internet via another data-center B.
    > 2) each server in data-center A will be access from the user community
    > only specific ports/protocols open.
    > 3) each server in data-center A will be fully open to data-center B.
    > 4) ideally, the IP address of each server in data-center A will not be
    > changed after put this internal firewall.
    > 5) the servers are Windows 2003 for file server, printer server,
    > exchange server, SQL server, Web server and the regional domain
    > controller (DC).
    > 6) the main DC and Exchange are located in data-center B.
    > 7) the data-center are split into 2 networks, one for production, the
    > other is QA.
    > 8) we have no direct controll on data-center B.
    >
    > My questions is that: what kind of Cisco product can achieve this
    > request?
    >
    > Thanks,
    > fshguo.


    Why would you confine yourself to Cisco solutions? If you're talking
    security, I know that Cisco is by far not the first name you should
    look at. Checkpoint or Juniper are FAR better products in my own
    opinion. Cisco makes great mid-level routers and switches, but they
    are relatively new to the enterprise firewall environment.


  3. Re: internal firewall for Data-center

    yvette.ye@gmail.com wrote:

    >Hello...I am working on a project to allocate some protection to
    >segregate the Data-center A from the rest of user community. and there
    >are some requirements:
    >1) this data-center A do not have internet connection directly, but it
    >can access the internet via another data-center B.
    >2) each server in data-center A will be access from the user community
    >only specific ports/protocols open.
    >3) each server in data-center A will be fully open to data-center B.
    >4) ideally, the IP address of each server in data-center A will not be
    >changed after put this internal firewall.
    >5) the servers are Windows 2003 for file server, printer server,
    >exchange server, SQL server, Web server and the regional domain
    >controller (DC).
    >6) the main DC and Exchange are located in data-center B.
    >7) the data-center are split into 2 networks, one for production, the
    >other is QA.
    >8) we have no direct controll on data-center B.
    >
    >My questions is that: what kind of Cisco product can achieve this
    >request?


    Cisco ASA - adaptive security appliance
    http://www.cisco.com/en/US/products/...d802930c5.html

    You could just get a PIX firewall but the ASA gives you the option of
    IPS, VPN and more.

    I agree with CosmicV on Cisco's status as a firewall provider, and
    unless you are a VERY Cisco-centric organization, I'd suggest
    broadening your search. My recommendation would be one of the Secure
    Computing Sidewinder appliances
    http://www.securecomputing.com/index.cfm?skey=20



  4. Re: internal firewall for Data-center

    CosmicV wrote:
    > On Oct 1, 10:38 am, yvette...@gmail.com wrote:
    >> Hello...I am working on a project to allocate some protection to
    >> segregate the Data-center A from the rest of user community. and there
    >> are some requirements:
    >> 1) this data-center A do not have internet connection directly, but it
    >> can access the internet via another data-center B.
    >> 2) each server in data-center A will be access from the user community
    >> only specific ports/protocols open.
    >> 3) each server in data-center A will be fully open to data-center B.
    >> 4) ideally, the IP address of each server in data-center A will not be
    >> changed after put this internal firewall.
    >> 5) the servers are Windows 2003 for file server, printer server,
    >> exchange server, SQL server, Web server and the regional domain
    >> controller (DC).
    >> 6) the main DC and Exchange are located in data-center B.
    >> 7) the data-center are split into 2 networks, one for production, the
    >> other is QA.
    >> 8) we have no direct controll on data-center B.
    >>
    >> My questions is that: what kind of Cisco product can achieve this
    >> request?
    >>
    >> Thanks,
    >> fshguo.

    >
    > Why would you confine yourself to Cisco solutions? If your talking
    > security, I know that Cisco is by far not the first name you should
    > look at. Checkpoint or Juniper are FAR better products in my own
    > opinion. Cisco makes great mid-level routers and switches, but they
    > are relatively new to the enterprise firewall environment.
    >


    Mid-level?

    Anyway, I'm guessing speed will be a consideration in your decision, I
    would look at the Cisco Catalyst 6500 with the Firewall Services Module
    (FWSM).

  5. Re: internal firewall for Data-center

    On Tue, 02 Oct 2007 07:04:19 -0400, wayne wrote:

    > CosmicV wrote:
    >> On Oct 1, 10:38 am, yvette...@gmail.com wrote:
    >>> Hello...I am working on a project to allocate some protection to
    >>> segregate the Data-center A from the rest of user community. and there
    >>> are some requirements:
    >>> 1) this data-center A do not have internet connection directly, but it
    >>> can access the internet via another data-center B.
    >>> 2) each server in data-center A will be access from the user community
    >>> only specific ports/protocols open.
    >>> 3) each server in data-center A will be fully open to data-center B.
    >>> 4) ideally, the IP address of each server in data-center A will not be
    >>> changed after put this internal firewall.
    >>> 5) the servers are Windows 2003 for file server, printer server,
    >>> exchange server, SQL server, Web server and the regional domain
    >>> controller (DC).
    >>> 6) the main DC and Exchange are located in data-center B.
    >>> 7) the data-center are split into 2 networks, one for production, the
    >>> other is QA.
    >>> 8) we have no direct controll on data-center B.
    >>>
    >>> My questions is that: what kind of Cisco product can achieve this
    >>> request?
    >>>
    >>> Thanks,
    >>> fshguo.

    >>
    >> Why would you confine yourself to Cisco solutions? If your talking
    >> security, I know that Cisco is by far not the first name you should
    >> look at. Checkpoint or Juniper are FAR better products in my own
    >> opinion. Cisco makes great mid-level routers and switches, but they
    >> are relatively new to the enterprise firewall environment.
    >>

    >
    > Mid-level?
    >
    > Anyway, I'm guessing speed will be a consideration in your decision, I
    > would look at the Cisco Catalyst 6500 with the Firewall Services Module
    > (FWSM).


    netscreen and you can sleep better

  6. Re: internal firewall for Data-center

    On Oct 2, 5:04 am, wayne wrote:
    > CosmicV wrote:
    > > On Oct 1, 10:38 am, yvette...@gmail.com wrote:
    > >> Hello...I am working on a project to allocate some protection to
    > >> segregate the Data-center A from the rest of user community. and there
    > >> are some requirements:
    > >> 1) this data-center A do not have internet connection directly, but it
    > >> can access the internet via another data-center B.
    > >> 2) each server in data-center A will be access from the user community
    > >> only specific ports/protocols open.
    > >> 3) each server in data-center A will be fully open to data-center B.
    > >> 4) ideally, the IP address of each server in data-center A will not be
    > >> changed after put this internal firewall.
    > >> 5) the servers are Windows 2003 for file server, printer server,
    > >> exchange server, SQL server, Web server and the regional domain
    > >> controller (DC).
    > >> 6) the main DC and Exchange are located in data-center B.
    > >> 7) the data-center are split into 2 networks, one for production, the
    > >> other is QA.
    > >> 8) we have no direct controll on data-center B.

    >
    > >> My questions is that: what kind of Cisco product can achieve this
    > >> request?

    >
    > >> Thanks,
    > >> fshguo.

    >
    > > Why would you confine yourself to Cisco solutions? If your talking
    > > security, I know that Cisco is by far not the first name you should
    > > look at. Checkpoint or Juniper are FAR better products in my own
    > > opinion. Cisco makes great mid-level routers and switches, but they
    > > are relatively new to the enterprise firewall environment.

    >
    > Mid-level?
    >
    > Anyway, I'm guessing speed will be a consideration in your decision, I
    > would look at the Cisco Catalyst 6500 with the Firewall Services Module
    > (FWSM).


    Yes, mid-level. The Juniper high end routers kick off on Cisco all day
    long. Most of the internet backbone is in fact Juniper. Google swapped
    out a good chunk of their Cisco network for Juniper. That said, I
    wouldn't use Juniper for a mid-sized enterprise as I think Cisco's gear
    is better in that area. I look towards best of breed for a solution
    instead of playing fanboy favorites.


  7. Re: internal firewall for Data-center

    It's better you have a Netscreen Firewall. You can choose according
    to your data flow
    http://www.juniper.net/products_and_...ash_ipsec_vpn/

    Netscreen will provide you firewall and routing services both in
    better perspective, which fulfills your requirement.
    Virtual Router is one of the features you can use for segregating
    traffic between different areas/networks.
