Thread: Hardware firewall advice

  1. #1
    Senior Member
    Join Date
    Apr 2005
    Posts
    123

    Hardware firewall advice

    Hello everyone, I have a question for you.
    Here is my situation: I have a network with 2 internet connections, behind 2 routers. I have other routers that connect to another 2 systems (private network).
    What I'm looking for is a hardware firewall, so that the 2 internet connections could be more secure.

    What I'm thinking is a SonicWall Pro 5060 (or CheckPoint) --> (maybe a sniffer) --> Proxy --> Network, and a Linux firewall on one of the private systems, because one of them has its own internet connection, so if an attacker wants to get access, he could attack from there, because that connection is impossible to pass through the hardware firewall.

    I would like your expert opinion about the firewall, and about the implementation of this security.


    Thanks all for your help.

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    As long as a node has its own connection, any firewalling beyond that will be pointless. Anyone looking for a way into your network *will* eventually figure out that you've got a backdoor. Don't count on people just not finding it. The main connections might see more scans and skiddie attacks, but they're easy enough to block anyway. Any determined attack will find a way through the back door and therefore around your shiny new hardware firewall.

    There's no point putting security in place on the main connections that you can't match on the backdoor connection. Like not locking the back door so your kids can get in the house if they lose their keys. A determined burglar ain't gonna give up when the front door is locked.

    And why in the hell are you worrying about securing a network without closing the backdoors first? Just wondering here...

    Either eliminate the backdoor, or give it security just as good as the main connections.

    But hey, that's just my 2 cents...
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  3. #3
    Senior Member
    Join Date
    Apr 2005
    Posts
    123
    Maybe I didn't explain correctly.


    1st network:

    Firewall (Sonicwall)-->(maybe Sniffer)-->Proxy--> Network

    2nd Network

    Firewall (Linux firewall) --> Router(with firewall) ---> router (with firewall) ---> Main Network(1st network)

    This is why I'm asking your opinion: whether the hardware firewall is well chosen and this security implementation is well defined, or whether I should change something.

    It is not yet confirmed, but the other solution is a direct optical cable from the 1st network to the 2nd network, but due to the high costs I'm not sure that will be possible, so I'm trying to make an implementation plan, just in case.

    If they buy the optical, everything will go through the hardware firewall and proxy.

  4. #4
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    I for one don't understand the network.

    Perhaps it might be better to describe what exists now, then what you envision.

    Are there two separate locations? Is there a defined DMZ? Are there web servers?

    As Striek said,
    Either eliminate the backdoor, or give it security just as good as the main connections.
    By the way, why do you consider the hardware firewall different from the Linux firewall?
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  5. #5
    Senior Member
    Join Date
    Apr 2005
    Posts
    123
    I'm sorry, I didn't explain correctly.

    I have 2 different networks that are connected by 2 routers (a router in each network).

    The first network, let's call it X: I have 2 kinds of internet access, and have a mail server, data server, workstations, and a database server.

    The other network, let's call it Y: I have 1 kind of internet access, a database server, and workstations.

    What I was thinking is, in network X, put a --> Firewall --> Maybe Sniffer --> Proxy ---> Local Network

    On the Y network: Linux Firewall ---> Workstations

    I hope this time I explained correctly.

    Thanks for the replies.

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    How about (I hope this comes out right):
    Code:
    [internet1]--->----\
                       [router]----[firewall]----[router]--------[main network]
    [internet2]--->----/                 |           \----------[other network]
                                         |
                                         \-----[DMZ]---[mail, web, proxy]
    Oliver's Law:
    Experience is something you don't get until just after you need it.
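The zoning in the diagram above (a single firewall between the two internet routers, a DMZ holding mail, web and proxy, and both internal networks behind it) can be written down as a default-deny forwarding policy. This is an added example, not from any poster; the interface names (wan0, dmz0, lan0, lan1), the 192.0.2.x addresses and the database port are assumptions used to make the rules concrete.

```nft
#!/usr/sbin/nft -f
# Zoning for the topology in post #6. Assumed interfaces:
#   wan0 = link to the two internet routers, dmz0 = DMZ segment,
#   lan0 = main network, lan1 = other network.
# Assumed addresses: 192.0.2.10 = mail/web host, 192.0.2.20 = proxy.
flush ruleset

table inet fw {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif lo accept
        # Manage the firewall itself only from the main network
        iifname "lan0" tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Internet may reach only the published DMZ services
        iifname "wan0" oifname "dmz0" ip daddr 192.0.2.10 tcp dport { 25, 80, 443 } accept

        # Both internal networks reach the web through the DMZ proxy only,
        # so there is no direct LAN -> internet path to bypass it
        iifname { "lan0", "lan1" } oifname "dmz0" ip daddr 192.0.2.20 tcp dport 3128 accept
        # ...and reach the mail server in the DMZ
        iifname { "lan0", "lan1" } oifname "dmz0" ip daddr 192.0.2.10 tcp dport { 25, 143, 993 } accept

        # Only the proxy and mail host may originate traffic to the internet
        iifname "dmz0" oifname "wan0" ip saddr { 192.0.2.10, 192.0.2.20 } tcp dport { 25, 80, 443 } accept

        # Other network -> main network: only the database traffic (port assumed)
        iifname "lan1" oifname "lan0" tcp dport 1433 accept

        # Everything else, including anything the DMZ hosts initiate toward
        # the internal networks, is logged and dropped
        log prefix "fw-forward-drop " counter drop
    }
}
```

Because both internal networks sit behind the same chain, the "backdoor" Striek describes disappears: there is no interface on which traffic can enter without passing this policy.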
