I would also look at:
1) Cost effectiveness
3) Since firewalls are a single point of failure
a) Does the software or hardware support a standby feature
so that you can add it now or later.
e.g., which support the above: Cisco PIX (HW),
Stonesoft Stonebeat (SW), sure there are many more HW/SW available.
4) Which type of firewall system you need and its [dis]advantages.
e.g.: a) Circuit level (Performance is good)
b) Application level (Performance also depends on the system it's running on)
5) If you are going to allow remote network connection to internal network, then VPN support.
Akhila Sinha wrote:
> We are looking at firewall solutions to connect a 2MB link to about 2500
> We will need to support:
> telnet outward from almost all nodes,
> full tcp inward from selected machines outside
> Internet web, Intranet Web
FYI: since all firewalls are based on concurrent connections, Microsoft browser
can open up to 20 TCP connections and is not configurable.
I think all firewalls can do the above.
> As we are still educating ourselves, I would appreciate some
> comments and substantiation on the following of my "beliefs "
> . A 'standard configuration' for this is through a Packet filtering
> router and firewall with two interfaces to the secure subnet
> and a DMZ subnet.
> . Firewalls are of two kinds : MSPF (multi-state packet filtering)
> such as Checkpoint FW-1 and proxy serving (PSF) such as Raptor
> . Of the two MSPF, PSF, the latter is more flexible and transparent
> for use by an admin. ( Any typical attacks scenarios which
> cannot be handled / or are difficult to secure on or other ?)
> The News and Internet Web servers should not be on the secure side
> (What are other problems beside errant CGI programs ?)
> Thanx in advance.
> Akhila Sinha
> Computer Centre, IIT Delhi
If you have more questions, just drop an email.
ECRC Network Services GmbH Tel: + (49) 89-92699-119
Arabellastr 17, 81925 Muenchen Fax: + (49) 89-92699-170
GERMANY Mobile: + (49) 171-2132658
http://www.ecrc.de Internet: badri @