Alfred Kernaghan
2012-05-03 14:21:09 UTC
---------- Forwarded message ----------
From: Alfred Kernaghan <***@gmail.com>
Date: Thu, May 3, 2012 at 3:20 PM
Subject: Information Request: Firewall Kit
To: ***@gllugg.org.uk
Hey all,
I'm looking after 4 racks of servers in London, up until now they've just
been locked down as much as possible individually using iptables on each
machine (and blocking/removing public interfaces where they're not strictly
necessary). We're in a bit of upheaval at the moment due to going for PCI
Compliance and improved security, so I'm securing/segmenting the network as
it stands. As opposed to a central software based firewall, the company's
opted to go down the hardware route and get a full fledged firewall.
I don't have a lot of experience with hardware/dedicated firewall
appliances, but I've had recommendations for a few different brands, Cisco,
Checkpoint, Watchguard and Barracuda. As you'd all know, attempts to ask
our vendor or Google for recommendations has been relatively fruitless in
that I feel I'm getting up-sold (as much as possible) on very biased
recommendations!
Our requirements aren't huge, it's for a moderate to high use UK website
(runs along happily at ~12mbps on our burstable pipe 99% of the time) and
will simply need to firewall between 3 internal VLANS (1x DMZ and 2x
private).
It's not money dependant really, I just want to get something recommended
by someone in the industry who's not in it just for a kick back, and will
support our simple requirements, with room for growth of course.
Could anyone shed any light on any of the above vendors, or recommend
anyone else (I'm completely open to ideas). As a base, I've been looking
so far at the Watchguard XTM 3 or 5 series and the equivalent model(s) from
Barracuda Networks.
Cheers, and thanks in advance
Kerno
From: Alfred Kernaghan <***@gmail.com>
Date: Thu, May 3, 2012 at 3:20 PM
Subject: Information Request: Firewall Kit
To: ***@gllugg.org.uk
Hey all,
I'm looking after 4 racks of servers in London, up until now they've just
been locked down as much as possible individually using iptables on each
machine (and blocking/removing public interfaces where they're not strictly
necessary). We're in a bit of upheaval at the moment due to going for PCI
Compliance and improved security, so I'm securing/segmenting the network as
it stands. As opposed to a central software based firewall, the company's
opted to go down the hardware route and get a full fledged firewall.
I don't have a lot of experience with hardware/dedicated firewall
appliances, but I've had recommendations for a few different brands, Cisco,
Checkpoint, Watchguard and Barracuda. As you'd all know, attempts to ask
our vendor or Google for recommendations has been relatively fruitless in
that I feel I'm getting up-sold (as much as possible) on very biased
recommendations!
Our requirements aren't huge, it's for a moderate to high use UK website
(runs along happily at ~12mbps on our burstable pipe 99% of the time) and
will simply need to firewall between 3 internal VLANS (1x DMZ and 2x
private).
It's not money dependant really, I just want to get something recommended
by someone in the industry who's not in it just for a kick back, and will
support our simple requirements, with room for growth of course.
Could anyone shed any light on any of the above vendors, or recommend
anyone else (I'm completely open to ideas). As a base, I've been looking
so far at the Watchguard XTM 3 or 5 series and the equivalent model(s) from
Barracuda Networks.
Cheers, and thanks in advance
Kerno