[Gllug] Fwd: Information Request: Firewall Kit
James Courtier-Dutton
james.dutton at gmail.com
Thu May 3 19:03:35 UTC 2012
On 3 May 2012 15:21, Alfred Kernaghan <alfakern at gmail.com> wrote:
>
>
> ---------- Forwarded message ----------
> From: Alfred Kernaghan <alfakern at gmail.com>
> Date: Thu, May 3, 2012 at 3:20 PM
> Subject: Information Request: Firewall Kit
> To: gllug at gllugg.org.uk
>
>
> Hey all,
>
> I'm looking after 4 racks of servers in London, up until now they've just
> been locked down as much as possible individually using iptables on each
> machine (and blocking/removing public interfaces where they're not strictly
> necessary). We're in a bit of upheaval at the moment due to going for PCI
> Compliance and improved security, so I'm securing/segmenting the network as
> it stands. As opposed to a central software based firewall, the company's
> opted to go down the hardware route and get a full-fledged firewall.
>
> I don't have a lot of experience with hardware/dedicated firewall
> appliances, but I've had recommendations for a few different brands, Cisco,
> Checkpoint, Watchguard and Barracuda. As you'd all know, attempts to ask
> our vendor or Google for recommendations have been relatively fruitless in
> that I feel I'm getting up-sold (as much as possible) on very biased
> recommendations!
>
> Our requirements aren't huge, it's for a moderate to high use UK website
> (runs along happily at ~12mbps on our burstable pipe 99% of the time) and
> will simply need to firewall between 3 internal VLANs (1x DMZ and 2x
> private).
>
> It's not money dependent really, I just want to get something recommended by
> someone in the industry who's not in it just for a kick back, and will
> support our simple requirements, with room for growth of course.
>
> Could anyone shed any light on any of the above vendors, or recommend anyone
> else (I'm completely open to ideas). As a base, I've been looking so far at
> the Watchguard XTM 3 or 5 series and the equivalent model(s) from Barracuda
> Networks.
>
I would go for any firewall that is EAL4+ approved.
Various ones are listed on the CESG (part of GCHQ) web site.
http://www.cesg.gov.uk/finda/Pages/CCITSECSearch.aspx
http://www.cesg.gov.uk/finda/Pages/CCITSECResults.aspx?post=1&type=Firewall&status=Certified&sort=name
http://www.cesg.gov.uk/publications/Documents/directory.pdf
I have seen CyberGuard firewalls used a lot, and they seem to work
well and are easy to use.
Kind Regards
James
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug