From: Paul Hutchings (paulspamcop.net)
Date: Sat Aug 25 2007 - 06:36:16 CDT
Not sure if anyone's still here going from the archives but here
I'm looking for a device to put at the edge of our network.
I would want it to do the following:
Act as a basic source/dest/protocol/action firewall to allow packets
in and out to/from our servers.
Have a minimum of 2 DMZ ports.
Allow the internal and DMZ interfaces to work in either NAT or Route
mode (selectable per interface, most likely public IP's on all
Have some sort of URL filtering onboard.
Have the means to add/exclude entire domains from this filtering.
Some level of IDS.
The basic scenario is that outbound access for our LAN users would be
handled by a proxy server on the LAN, so for outbound traffic (i.e.
concurrent users) all this device would ever see would be the
external IP of the proxy, as well as any traffic coming from our DMZ's.
The internet connection will be 100mbps, though I anticipate average
usage to be low, and bursty i.e. low average but when someone wants
to download a large file it'll burst to as fast as we can get it.
To give an idea, the most concurrent sessions I've ever seen on the
current brick is around 450.
Because of this, and the fact that it won't have to handle
connections from hundreds of LAN machines I'm hoping to be able to
look at a fairly low end box.
I'm sorting out getting in an MX1004 to trial for a couple of weeks
as on paper it looks to do everything I want. Wondered if anyone is
using one (or of course a 3006 etc.) and what your thoughts are?
ISSForum mailing list
The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.