firewall design

Firewall configuration
Firewall management
Network security
Network Security Management
I want to design a firewall for a please suggest me some ideas regarding this subject, and if you have any other idea related to this subject, that will also be accepted.

Answer Wiki



So many people have already made firewalls, why not take a look at the different existing solutions:
- AmazingPorts – easy-to-set-up free firewall that handles most situations Ryan suggests
- pfSense – traditional simple free firewall
- FreeBSD – traditional *ix OS that has great built-in firewall capacity

From an administrative standpoint I wouldn’t go for the “close all” and then open strategy, as it has a couple of inherent weaknesses when it comes to user networks:
- You are not available to open ports when required, thus other people will suffer and/or wait.
- It will create an immense amount of work for you/the administrator.
- Security is usually not better, as any real “crook” will use port 443 anyway, as it will be open and allow encrypted packets.

For these reasons I believe NAT (Network Address Translation) is outstanding, as it protects your network from the outside world without hindering anyone on the “inside” from performing his work.

With regards to server networks, I agree with Ryan completely.

Discuss This Question: 2  Replies

  • RGunther
    A few suggestions would be to sit down and map out all the servers and workstations. Get an idea of the purpose for each device. Once you know the purpose you can start to group like devices together. For example, student labs: they should have access to the internet but be completely blocked from any servers. Administration computers: access to printers and file shares. Another step would be to block everything and only open ports as needed. Be ready to get complaints that users are not able to access this or that anymore. Just have a form for them to fill out, make sure their request is valid, and open the ports for them. This way you know you only have the ports open with the correct source and destination IP addresses. That should be a good starting point; firewalls always seem to be a fluid object. Just be ready to make changes and always try to keep it as restrictive as possible, but at the same time try not to frustrate the end clients. Hope that helps you in the right direction. Ryan Gunther
  • mitrum
    Try Untangle; it is easy to use and configure.
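
The grouping and "block everything, open as needed" approach from RGunther's reply, modelled as an added example that is not part of the original thread. The address plan, port numbers and function names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed address plan for the device groups named in the reply.
ZONES = {
    "student_labs":   ipaddress.ip_network("10.10.0.0/16"),
    "administration": ipaddress.ip_network("10.20.0.0/16"),
    "servers":        ipaddress.ip_network("10.30.0.0/24"),
    "printers":       ipaddress.ip_network("10.40.0.0/24"),
}

# Allow-list only: (source group, destination group, protocol, port).
# Ports are assumptions for the example, not taken from the thread.
ALLOW = [
    ("student_labs",   "internet", "tcp", 80),
    ("student_labs",   "internet", "tcp", 443),
    ("student_labs",   "internet", "udp", 53),
    ("administration", "printers", "tcp", 9100),  # raw printing
    ("administration", "servers",  "tcp", 445),   # SMB file shares
]


def zone_of(addr):
    """Map an address to its group; anything unlisted counts as internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


def decide(src, dst, proto, port):
    """Return 'allow' only if an explicit rule matches, otherwise 'deny'."""
    flow = (zone_of(src), zone_of(dst), proto, port)
    return "allow" if flow in ALLOW else "deny"


def approve(src_zone, dst_zone, proto, port):
    """Add a requested opening only if it names known groups and one port."""
    known = set(ZONES) | {"internet"}
    if src_zone not in known or dst_zone not in known:
        raise ValueError("unknown source or destination group")
    if proto not in ("tcp", "udp") or not 1 <= port <= 65535:
        raise ValueError("request must name one protocol and one port")
    ALLOW.append((src_zone, dst_zone, proto, port))
```

Because `decide` falls through to "deny", the lab-to-server block needs no rule of its own, and every opening in `ALLOW` traces back to a request that passed `approve`.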
