I'm looking into implementing a firewall for our organization. I've gotten a
lot of useful information from this mailing list, as well as from the firewalls
book and other net sources. I've realized of late that there are a couple of
requirements we have that I haven't seen much talked about.
The first item is the speed of traffic through the firewall. My manager would
like us to design the firewall to be capable of passing about an ethernet's
worth of traffic, the idea of course being to plan for future capacity now. If
we were just doing packet screening, this would be fairly simple (as far as I
can tell), but we need an application gateway that can handle PC-based
applications which are not necessarily designed to be used through a firewall.
I realize that this is probably unrealistic, but we do want to get as much speed
Another concern is the user interface. We have a large number of users who are
not technically sophisticated and are used to having GUI interfaces for
everything. A lot of firewall solutions I have seen involved the user
telnetting to one host, and getting out from there with a text based interface.
Can the firewall machine intercept the traffic and pass it on in a way which is
transparent to these users?
The configuration we will be using will look something like the Plan B setup in
the Firewalls book. That is, screening routers on either side of a dual-homed
gateway host. We want to allow outward access to HTTP, NNTP, Telnet, Gopher,
and FTP. Incoming, we would allow only Telnet and FTP with authentication.
My big concerns are what hardware/OS to use for the gateway host, and what
firewall software would fit into our plans. We really need off-the-shelf
solutions, because we don't have the in house manpower to do the development.
Any information you can give me would be appreciated.
Kevin T. Likes
email: Kevin_T .
phone: (317) 233-0521
fax: (317) 232-0748
100 N. Senate Avenue Room N551
Indianapolis, IN 46204