I am a network administrator of my company and are pretty new to the IT industry. May I sought your valued advice on the following issues.
My company is using ADSL to access the internet. The ADSL plan provide us with a dynamic ip address. All the PCs in the company connect to the internet using a ADSL router. We do not have any public server. We have about 50 computers currently. We have a Win NT 4.0 Domain.
Based on my company networking setup above, do you think I need to acquire a Cisco firewall ? If yes, which model will you guys recommend
I am thinking of getting PIX 515R but isn't sure whether it is suitable or not.
Please provide me your valued advice.
Thanks and best Regards,
Based on the information you provided I think a Cisco PIX506 will do the job for you. It has sufficient forwarding rate (8Mbps cleartext). If, however, you require a third interface for future use, I would recommend the 515.
Hi Ron /All,
Does it means that PIX 506 and 515 support dynamic IP address ?
If yes, how do I go about doing it ?
Do you need a firewall? I'd suggest the answer is yes. You have 50 computers you want to protect from threats on the Internet. A firewall will give you a policy enforcement point at which you can implement a security policy that the people who use those 50 computers will need to abide by. You need to talk with company management and come up with a basic security policy. A good starting point would be to define an acceptable use policy that defines what is and is not allowed to be accessed via the corporate Internet connection.
Do you need a PIX? Again, I'd suggest yes. The ADSL connection will give you access to an Internet IP address. You'll need to perform some form of network address translation (NAT) in order to share that address over the 50 PCs they could want to look at the Internet. The PIX is a very good NAT box.
Liberty for All,
Do you have Web or any other public servers? The 506 is a good choice and we had it for a while but outgrew it when we went to add Web servers. No 3rd interface and thus no DMZ. If you think you will add public servers within oh about the next 2 years or so I would go with a 515r
PIX With dynamic IP address ? yes you can, I have ever tried it before....It's better if you have DMZ zone, 515 will do....But the most important thing is that your ADSL router must have PAT capability, and because the public ip addr (dynamic ip add) always keep changing you must translate your server to the particular port on the interface ( interface dialer) cisco 827 will do.....
hope it helps...
A 515 would more than suit your needs. If you don't plan on breaking off a DMZ you can probably live with a PIX 506 and save some $$$
The firewall cannot have a dynamic IP address on the outside interface. It has to have a static IP address assigned to the outside interface, which the DSL company should be able to provide (most of them do that without charge).
So if you asked if the PIX can handle dynamic IP addresses, no, it cannot. It needs one static IP address.