Firewall Recommendations

Post by Gene Curci » Sat, 30 Mar 1996 04:00:00



Has anyone recently looked-into/purchased a new firewall product?
I have just started looking, and would be interested in hearing
opinions/advice from any of you who have gone through the process.
Right now we have begun looking at the Cohesive product
Gauntlet, but we are also planning on looking at the Sun products
on the market.  Response by email would be preferred.
--
Gene Curcio, Network Administrator
Information Systems Group, Teradyne, Inc. Boston, MA

 
 
 

1. Firewall recommendations/advice - Would this work?

Hello,

I'm currently running a Linux 2.0 box doing IP_masq to allow the
internal network to access the internet. Everything works great, I have
30 people going through a 386sx/16. However, we are now adding a new
website that requires access to a MS SQL server running on NT. I want to
isolate the NT system as much as possible, but I have a number of
internal apps that also use the SQL server. So I've come up with the
following idea.

I define three networks, the internal network, the DMZ, and the internet.
The webserver (plus email server, etc) exist on the internet (on the
segment that is directly attached to the router). The SQL Server will go
in the DMZ.

In order for the web server to access the SQL server, I have an IP_Masq
box that denies all incoming connections (incoming from the internet)
except for those coming from the webserver over the SQL port. I allow it
to forward everything.

I set up another IP_Masq system that sits between the DMZ and the
internal network, and it lets anything through to the DMZ, and so to
either the SQL Server or the Internet.

So what I have is:

Internet ----- firewall #1 ----- DMZ ----- firewall #2 --- Internal
            <- everything               <- everything
            -> only SQL port from IP    -> nothing

First, does this sound like a good idea? Are there any holes in this type
of setup? Can anyone suggest any improvements?

If this looks good, would the systems on the internal network (win95/98
boxes) need to have any special network setup? I would think that making
the gateway the system between the internal network and the DMZ would
work.

Thanks for any help,
Erick Thompson
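
The policy in the diagram above, modelled as an added example (not part of the original post) so each new connection can be checked against both firewalls on its path. The port number 1433, the host labels and all function names are assumptions; the post gives no addresses or port, and reply traffic is not modelled.

```python
from dataclasses import dataclass
from typing import Callable, Optional

ZONES = ["internet", "dmz", "internal"]  # left to right, as in the diagram
WEB_HOST = "webserver"   # constructed label standing in for the web server's IP
SQL_PORT = 1433          # assumption: MS SQL Server's default TCP port

@dataclass(frozen=True)
class Flow:  # one new connection attempt; reply traffic is not modelled
    src_zone: str
    src_host: str
    dst_zone: str
    dport: int

@dataclass(frozen=True)
class Firewall:
    name: str
    inbound: Callable[[Flow], bool]   # new connections toward the internal network
    outbound: Callable[[Flow], bool]  # new connections toward the internet

# CHAIN[i] sits between ZONES[i] and ZONES[i + 1].
CHAIN = [
    Firewall("firewall #1",
             inbound=lambda f: f.src_host == WEB_HOST and f.dport == SQL_PORT,
             outbound=lambda f: True),
    Firewall("firewall #2", inbound=lambda f: False, outbound=lambda f: True),
]

def blocked_by(flow: Flow) -> Optional[str]:
    """Name of the first firewall on the path that drops the flow, else None."""
    s, d = ZONES.index(flow.src_zone), ZONES.index(flow.dst_zone)
    if s < d:   # travelling inward
        hops = [(fw.name, fw.inbound) for fw in CHAIN[s:d]]
    else:       # travelling outward, or staying inside one zone (no hops)
        hops = [(fw.name, fw.outbound) for fw in reversed(CHAIN[d:s])]
    return next((name for name, allows in hops if not allows(flow)), None)

def audit() -> dict:  # verdicts for constructed sample flows
    samples = {
        "web -> sql": Flow("internet", WEB_HOST, "dmz", SQL_PORT),
        "stranger -> sql": Flow("internet", "other-host", "dmz", SQL_PORT),
        "web -> internal": Flow("internet", WEB_HOST, "internal", SQL_PORT),
        "pc -> sql": Flow("internal", "pc", "dmz", SQL_PORT),
        "sql -> internet": Flow("dmz", "sqlserver", "internet", 80),
    }
    return {k: blocked_by(v) or "allowed" for k, v in samples.items()}

if __name__ == "__main__":
    print("\n".join(f"{k:18} {v}" for k, v in audit().items()))
```

The last sample shows a consequence of the "everything" rule on firewall #1: the SQL server itself can open connections to any internet host, which is the flow to tighten if the goal is to isolate the NT system.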
