Firewalls: Re: Router advice needed

Firewalls
(May 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Router advice needed
From:	"Rob Tanner" <tanner @ george . arc . nasa . gov>
Date:	Thu, 05 May 1994 11:48:42 -0700
To:	firewalls @ greatcircle . com
In-reply-to:	Your message of Tue, 03 May 1994 10:48:49 -0400. <9405031448 . AA10277 @ ici5 . ici . com>

lafko @
 ici .
 com (David A. Lafko) writes:
>My company is in the process of connecting to the Internet through one
>of the commercial providers.  We've contracted for a 9.6 Kbps metered
>service (at least initially).  We will design and build a firewall
>prior to coming online.  I just attended Brent's seminar on building a
>firewall and am now looking for some advice.

I attended one a couple of months ago. Great seminar and I can
honestly recommend it to anybody.

>
>Now I need an internal router between my peripheral net and interal
>net.  I have 2 registered Class C networks (1 for peripheral, 1 for
>internal).
>
>What router can you recommend to use for the internal router?
>
>I am considering 2 options now, but others will be considered.
>1) Telebit Netblazer ST with 2 ethernet cards
>	Pro: don't need to learn new filter specification language
>
>2) PC running BSDI with screend
>	Pro: better routing algorithms
>	Con: 1 more filter spec language to learn, more system
>	configuration
>
>I'm assuming that both 1 and 2 will cost about the same (~$3500).

I've got a MorningStar router coming in for evaluation.  The unit is
about $2K.  It supposedly filters on source and destination IP address
and source and destination ports, both of which are super important as
far as I'm concerned.  Also can filter based on inbound vs outbound,
origin of session, source routing, etc.  On paper the unit looks real
good.

You can pickup a copy of the user's manual via annoymous ftp to
ftp.morningstar.com (I've forgotten the path).

If there's a general interest, I'll post my opinions after I've
evaluated the unit.  If anyone has suggestions for doing the
evaluation, I'll be happy to give them a whirl.

-- Rob

      _ _ _ _           _    _ _ _ _ _  
     /\_\_\_\_\        /\_\ /\_\_\_\_\_\  
    /\/_/_/_/_/       /\/_/ \/_/_/_/_/_/  Robert J. Tanner
   /\/_/__\/_/ __    /\/_/    /\/_/       Ames Research Center
  /\/_/_/_/_/ /\_\  /\/_/    /\/_/        (415) 604-3451 (SETI)
 /\/_/ \/_/  /\/_/_/\/_/    /\/_/         (415) 604-5347 (Kuiper)
 \/_/  \/_/  \/_/_/_/_/     \/_/          tanner @
 george .
 arc .
 nasa .
 gov
 ____________________________________________________________________

Follow-Ups:

Re: Router advice needed
From: Steve Kennedy <steve @ gbnet . org>

References:

Router advice needed
From: lafko @ ici . com (David A. Lafko)

Indexed By Date	Previous:	Re: mail handling From: Marcus J Ranum <mjr @ tis . com>
Indexed By Date	Next:	Re: Number of processes for TIS TELNET proxy From: Marcus J Ranum <mjr @ tis . com>
Indexed By Thread	Previous:	Router advice needed From: lafko @ ici . com (David A. Lafko)
Indexed By Thread	Next:	Re: Router advice needed From: Steve Kennedy <steve @ gbnet . org>