Internal vs. External Firewalls

[Mike555]

I administer a small network of 2 servers and 50 users. Our firewall is located on the same server that hosts Exchange, Virus Protection, and Shared Apps. My software vendors are telling me that I should be using an external firewall. They say that the current setup will only block someone who already has "one foot in the door." Are these vendors just trying to sell me something, or do they have a valid point?

Thanks.

--
Mike

Why make it simple and efficient when it can be complex and wonderful?

 

[Thomas2000]

Hello Mike!

What kind of (Software)firewall are you using? Are your servers configured with multiple network cards with different IP (external + Internal?) Chosing a solution depends on how your network is set up.

Cheers,
Thomas

 

[DgtlLgk]

as thomas2000 said it depends from the job,network u have.if they told u that the one that u already have is not set up correctly then create new rules so it can overcome with ur needs.for sure a hardware one is more secure,and more expensive.the thing is that if the one that u already have it satisfies u.

 

[Mike555]

I'm currently using a Watchguard firewall which is configured through Norton. I think the servers only have internal IPs.

--
Mike

Why make it simple and efficient when it can be complex and wonderful?

 

[Thomas2000]

Mike,

Well if you think it meet your needs and that you are satisfied with the security it should be sufficient, but I would personally go for an external (hardware) firewall. As DgtlLgk, said it is more expensive, but there are a lot of smaller firewalls on the market now, that are for small companies that does not have so many servers or users. If you are satisfied with the current venodor check out their homepage and see what kind of models they have. Many vendors now offer fairly cheap solutions but with lots of functions, such as NAT (Network Address Translation) and VPN support.

I do not want to promote any vendors here, but if you want some examples email me at sandberg_thomas@hotmail.com and I can provide some information.

Regards,
Thomas

 

[GlenJohnson]

Are these vendors just trying to sell me something, or do they have a valid point?

I would have to ask how well you know these vendors. If you have to ask the question, then it sounds like your not completely comfortable with them. Why not get a second opinion?

Glen A. Johnson
If you're from Northern Illinois/Southern Wisconsin feel free to join the Tek-Tips in Chicago, Illinois Forum.

TTinChicago
Johnson Computers

 

[Mike555]

GlenJohnson,

Correct - My employer (and myself) are not completely comfortable with them. We have yet to find that "perfect" vendor who cares about more than just upselling you. The topic of internal/external firewalls was a point that they had all brought up.

Why not get a second opinion?

That's why I came here!

Thanks.

--
Mike

Why make it simple and efficient when it can be complex and wonderful?

 

[GlenJohnson]

Instead of paying someone to tell you what you need, can I suggest an easy way to figure it out yourself?
Cisco Security Specialist’s Guide to PIX Firewall
It's only $35 and might give you some insight. [Disclaimer]I have not read this, do not work for Cisco, and will receive no profit from the sale of this book. Found it with a 20 second google search.[Disclaimer] Just a thought.


Glen A. Johnson
If you're from Northern Illinois/Southern Wisconsin feel free to join the Tek-Tips in Chicago, Illinois Forum.

TTinChicago
Johnson Computers