On 25 Jun 2001, at 10:09, Ron Jobe wrote:
> Please correct me if I'm wrong, but here's what I'm envisioning:
> --The server will have two Ethernet connections: one to their DSL
> line and the other to the internal LAN.
Okay. This machine will be the "gateway" to the LAN.
> --Running firewall software on the server and on each of the LAN's
> PCs (probably Zone Alarm Pro or Norton).
It should be sufficient to run firewall software on the "gateway"
PC -- the other PCs are "behind" it and don't need their own
firewalls.
> --The server hardware will be upgraded to support both
> communications and file server duties (dual PIII-1000 processors,
> 256MB ECC RAM, redundant power supply, UPS, etc.).
> --Linux may be more secure than Win2k, but they could use the
> server as an extra office PC (in an emergency) if running Win2k.
This is one of the reasons that I prefer a special-purpose box like
the NetScreen-5 or SonicWall, over a stock PC as a gateway. It's too
darned tempting to load up a gateway PC with other functionality that
ought to be *behind* the firewall.
If you are going to use a PC as the gateway, I'd have it run the
minimum of OS functionality, plus VPN server and firewall, and
nothing else. Specifically, I'd put file server functions on some
other machine....
> --Converting their current 10Mb LAN to 100Mb for better access to
> the server.
This may be excessive. For such a small group, I'd look at a
10/100 switch (perhaps the Cisco 1912/1924 models), being sure to put
the server on a 100 Mbps port and configure all ports for full
duplex.
> What do the expensive hardware solutions provide that Linux/Win2k
> don't?
Well, the NetScreen boxes do their routing and firewalling in
custom hardware -- probably not an issue at your connection speeds.
> What am I missing?
>
> Thanks for your help!
> Ron Jobe
Dave Gillett