Firewalls

We need to get an EAL4 Firewall. I have been looking at various vendors

3 that I have been looking at are:

WatchGuard
Check Point
Cisco ASA

Now the WatchGuard and the Check Point I know comply with EAL4; however, Cisco PIX does but I can't find anything that says the ASA does, although I am sure it does.

What's my best option? I can probably persuade work to send me on a training course for whichever one we choose.
 
I steered clear of Juniper as I heard that they are a real pain to configure

This is not the case then?

How much of a headache is a Check Point firewall and would a course teach me what I need? I'm already CCNA standard so have some base knowledge.
 
How does the licensing work on these products? If you have a 10 user licence for example is that only for users sending traffic through the firewall from your LAN?

I'm not keen on going for a PIX as it has been replaced by an ASA and don't want to buy something out of date

Also can some of you name reputable suppliers for these sorts of products? I will check our own suppliers but they aren't always great on hardware.
 
I would rather not divulge too much but to give you an idea:

We are going to have a connection to an organisation's very large network; there are specific sites on this network that will send data to us using secure FTP.

There will be a machine at our site for receiving all of this data and then passing it on to our LAN, which is on a different subnet.

It is important to protect the receiving machine from unwanted attacks from the organisation's network as well as the internet, which will be available through that connection. It also needs to prevent any traffic from our LAN traversing the corporate network, although the router between the two LANs should help police that.

Hope that makes sense.
 
It would be, you wouldn't have any problems at all. Aye, as far as I am aware it is... the whole product range is... they must be because we have to use that kit too and I look after about 30 of the ADSL ones! I don't think it's just the hardware that is EAL4 compliant, but also the code too. I can configure one of our test boxes as per your description and post up the config if you like...


Very kind of you sir!

I wouldn't go to any effort yet until we decide what to buy, but I may need to call on your services at a later date should we go down the Juniper route.
 
VPN tunnels don't matter, there won't be any. As for throughput, the data will be coming from two ADSL connections throughout the day, and pretty much all day by the time all the remote sites are live and sending data.

I'm guessing that I don't need massive throughput due to the fact that the data is throttled down to 8 meg broadband?

The firewall requirement is twofold: the network we are connecting to state that we must have an EAL4 firewall. I also want something that I know I can rely on so that I know it is well protected.

Redundancy is also very important; if the firewall goes down then I need another to be able to seamlessly take over.

Budget isn't a massive problem, we will spend what we need to so that we get a good solution, but obviously we aren't going to waste money on something we will not get any use from
 
Leased Line is far too expensive

The ADSL connections are managed by someone else and backed by their SLA so we don't really need to worry about that if you see what I mean, the connections do also have ISDN backup

This is a totally different network segment to our current network so extending what we currently have is not the way we want to go right now, we just want to get this implemented according to the standards that have been set

I understand the solution is not going to be cheap and we are willing to spend the money but I just want to make sure we don't buy a solution that is totally overkill
 