[Gllug] Fwd: Information Request: Firewall Kit

James Courtier-Dutton james.dutton at gmail.com
Thu May 3 19:03:35 UTC 2012

On 3 May 2012 15:21, Alfred Kernaghan <alfakern at gmail.com> wrote:
> ---------- Forwarded message ----------
> From: Alfred Kernaghan <alfakern at gmail.com>
> Date: Thu, May 3, 2012 at 3:20 PM
> Subject: Information Request: Firewall Kit
> To: gllug at gllugg.org.uk
> Hey all,
> I'm looking after 4 racks of servers in London, up until now they've just
> been locked down as much as possible individually using iptables on each
> machine (and blocking/removing public interfaces where they're not strictly
> necessary).  We're in a bit of upheaval at the moment due to going for PCI
> Compliance and improved security, so I'm securing/segmenting the network as
> it stands.  As opposed to a central software based firewall, the company's
> opted to go down the hardware route and get a full fledged firewall.
> I don't have a lot of experience with hardware/dedicated firewall
> appliances, but I've had recommendations for a few different brands, Cisco,
> Checkpoint, Watchguard and Barracuda.  As you'd all know, attempts to ask
> our vendor or Google for recommendations has been relatively fruitless in
> that I feel I'm getting up-sold (as much as possible) on very biased
> recommendations!
> Our requirements aren't huge, it's for a moderate to high use UK website
> (runs along happily at ~12mbps on our burstable pipe 99% of the time) and
> will simply need to firewall between 3 internal VLANS (1x DMZ and 2x
> private).
> It's not money dependant really, I just want to get something recommended by
> someone in the industry who's not in it just for a kick back, and will
> support our simple requirements, with room for growth of course.
> Could anyone shed any light on any of the above vendors, or recommend anyone
> else (I'm completely open to ideas).  As a base, I've been looking so far at
> the Watchguard XTM 3 or 5 series and the equivalent model(s) from Barracuda
> Networks.

I would go for any firewall that is EAL4+ approved.
Various ones are listed on the CESG (Part of GCHQ) web site.

I have seen cyberguard firewalls used a lot, and they seem to work
well and are easy to use.

Kind Regards

Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list