We are very seriously considering firewall-1 with the following setup:
INTERNET --Packet------ FW1 ---|---- Internal
           Filter        |     +--Proxy
                         |-----DMZ: External DNS, SMTP, "Intranet" available
The FW-1 box would have multiple NIC cards. The Mail and Web are for our
"intranet", not a true public web server. Our DNS is currently serving name
resolution for our external Web sites which are located on external hosts.
Our "Intranet" would be accessed *mainly* by internal users but there are a
few users who will be coming over the Internet from very remote offices.
Approx. 2000 users will be accessing the internal servers and/or surfing the
Web. We have a T-1 but may increase it if needed.
1. Is FW-1 on an NT box viable? It seems a little rough around the edges.
Should I stick with a Unix box instead?
2. If NT is OK, then what kind of box is needed (i.e., what kind of
horsepower and memory?)
3. Can I run a proxy server on the FW-1 box or should I purchase a second NT
or Unix box? Is the placement of the Proxy server OK?
4. Do I really need a consultant to come in and configure it? I'm pretty
familiar with Unix and IP stuff.
5. The above diagram has a total of three NICs: One from the Internet,
through the Packet Filter (which would filter out the really evil stuff)
going into the FW-1 box; one for the "external" intranet servers (DMZ); and
one going to the internal network.
6. Any other comments, "gotchas", etc?
To conserve bandwidth, you may e-mail me privately and I'll post a summary.
Thanks in advance,