
New guy, gonna be installing hardware firewall


sab4you

I am needing to install a hardware firewall for a company with under 100 computers.

Each computer has its own public IP address.

This will be my first hardware firewall setup, but I have done many software firewall installs. I have also set up our company router (a different company than the one needing the firewall).

So I was hopeful maybe for some tips or some easy setup firewalls for the new guy :)

As said, each computer has public IP and I will need to allow certain ports for multiple computers to be open i.e. I need port 502 for a few different IP addresses to be open.

I pretty much want to keep it simple for starts, allow any outgoing traffic, but start the protection with inbound traffic.

I don't need the most complex high tech firewall out there. The way the company is set up now they are totally open to the world, so a decent easy to use firewall would be great for me!
 
And people wonder where all the IPs are going....sheesh! [evil]
First off, get a firewall in there and start using NAT. I highly doubt that your company needs 100 public IPs per computer. Plus once you get NAT working you can tell them how much money they'll save by reducing their cost with the ISP...[thumbsup2]

Quick lesson though....When it comes to security, block everything, then grant access that people actually need. Instead of starting with an open configuration, start with a closed one. Get what I mean?
Remember! Internet access only requires port 80 (http), 443 (https), 21 (ftp). Also 53 (dns) if you don't have an internal DNS server set to forward....

Anyway, to actually answer your question....
Cisco PIX is a great hardware firewall, but might be a little daunting for a new person...give it a shot if you want though!
Try CyberGuard instead, I hear it's got a pretty easy GUI, and can be up and running out of the box pretty quickly. They also have a trial period that you can use to see if it will fit the situation.

Others might have more advice on which HW FW to use though.
Good luck!
 
I've got experience with Netscreen and WatchGuard firewalls, and can recommend either of them to relatively inexperienced installers. I second the "get NAT going ASAP" advice, and I'd add that given that the 100 workstations have been exposed to the internet for a while, locking down outbound traffic (with an eye toward trojans phoning home and such) is not a bad idea either.

What's port 502, by the way?

-Steve
 
Port 502 is for the Modbus protocol...it's a standard for power meter equipment (electricity)

thx for the advice...turns out I won't be in charge of a firewall (for now) but starting off with more limited scope just to boost them up a little...
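
The policy discussed in this thread (any outbound traffic allowed, inbound blocked by default, TCP 502 opened only toward a few hosts) written out as an nftables ruleset for a Linux box routing between the ISP link and the LAN. This is an added example, not part of any post above; the choice of nftables, the interface names and the 203.0.113.x addresses (documentation range) are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: routed (no NAT) firewall in front of hosts that keep
# their public addresses. All names and addresses are placeholders.
flush ruleset

define wan_if = "eth0"   # assumption: interface facing the ISP
define lan_if = "eth1"   # assumption: interface facing the workstations

table inet filter {
    # The "few different IP addresses" that need Modbus/TCP reachable.
    set modbus_hosts {
        type ipv4_addr
        elements = { 203.0.113.10, 203.0.113.11, 203.0.113.12 }
    }

    chain forward {
        # Closed by default: anything not matched below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections the LAN opened, and related ICMP errors.
        ct state established,related accept
        ct state invalid drop

        # "Allow any outgoing traffic" for a start.
        iifname $lan_if oifname $wan_if accept

        # Inbound exception: Modbus/TCP (502) to the listed hosts only.
        # Modbus/TCP has no authentication of its own, so this rule can be
        # narrowed further with "ip saddr" once the polling sources are known.
        iifname $wan_if oifname $lan_if ip daddr @modbus_hosts tcp dport 502 ct state new accept

        # Count and log what the default policy is about to drop.
        limit rate 10/second counter log prefix "fw-drop: "
    }

    chain input {
        # Traffic addressed to the firewall itself: management from LAN only.
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        iifname $lan_if tcp dport 22 accept
    }
}
```

Running `nft -c -f` on the file checks the syntax without loading it, and the `fw-drop:` log lines show which inbound services were actually in use before any further exceptions are added.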
 