I need some help on selection of the firewall. My situation is like this: I have one Web Application Server and a Database Server (which supports the web server). Now I need a firewall hardware to have the following features:
1)switch: so that I can connect both the web server and the database server to it;
2)DMZ: so that I can plug in a caching server.
3)VPN: so that I can use my PC remotely access the web and database servers. (My PC will be installed the VPN CLient software).
Which firewall product(s) should I choose?
As for the DMZ, do I need to purchase the additional/external card to plug into the firewall equipment OR it has already built it in?
Thanks for the response. But I would need some futher clarification:
1)It is said:"with dmz, you probably needs pix515e or above"
--Why need pix515e or above? Would the pix501 or 506 achieve the same?
2)It is said:"consider 2 pix501/506e in order to create a dmz. e.g.
www <--> pix <--dmz--> pix <--> lan"
--Why do I need 2 pix in order to build up a DMZ? (Wouldn't one pix 501 or 506 be good enough?)
3) If my servers are hosted in a hosting company where they have already set up a firewall for the internet, my servers will be located in their server room (like in a LAN). Now if I use the pix501 (or 506) to set up another firewall just for protecting my servers in the room, would this pix 501 (or 506), in combination with the Hosting Company's firewall, satisfy the "www <--> pix <--dmz--> pix <--> lan" model?
4) Microsoft claims the ISA Server 2004 will do better job than the traditional firewall, would you give some comments on this? i.e. using ISA 2004 in comparison with using the pix 50x.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...