I have 5 (soon to be 8) PowerEdge servers that I want to firewall and have only certain ports (HTML, RDC, FTP) open. Each server has its own IP on the web. Wire comes in, goes to a 3COM switch, then to individual Linksys routers, then to the servers. I want to eliminate the individual routers and go with a single device for all the servers. What do you recommend, keeping in mind that just opening a couple of ports is really all we have to do?
Bob, it all depends on what other requirements there may be in the future for your network. Do you have a current baseline of network utilization? I mean, how busy are these PowerEdge servers in terms of port and overall utilization? Do you need any other features, like device failover capabilities, etc.? If you are just eliminating individual routers, you could go with an ASA5505 firewall with the Security Plus license to support a DMZ. I know you did not mention a DMZ, but it is good to have the capability there. How many subnets are needed? This firewall can support up to 20 VLANs using the dot1q standard; if you need more VLANs, then the 5510 would be your next choice. Refer to the link below for models, to see features per model. I believe the 5505 should be good. I currently support a firewalled network within our regular network with 20 heavy-duty QA application testers for inbound and outbound connections, and I am using a PIX506E, not an ASA, which is a much more advanced firewall, and I have no complaints.
Thank you, Jorge, for your comments. We are very basic here (as is my networking knowledge) and we only need to support HTTP, HTTPS, RDC and SMTP. Future needs don't get much more complicated than that. We just want to scale to perhaps 8 servers in the near future.