High Traffic Firewall??




Posted by phpinfo, 02-22-2008, 11:15 PM
What are your recommendations for a high quality, high traffic firewall? Something for a colo center for a webserver, that is not too expensive.

Posted by phpinfo, 02-23-2008, 01:09 PM
At the colo we are burstable on a pipe up to 100mbps. So we are only limited by that right? There would be no need to have a 1gbps firewall? Also when looking at the specs on firewalls there are connection limits. Are these just for VPN or all connections in general? Meaning whatever the connection limit is, that is the only amount of concurrent visitors we can have on our site?

Posted by LoganNZ, 02-24-2008, 01:54 AM
There would be no need for a 1gbps firewall. However, if you are going with hardware firewalls, then you will need to consider their capacities. Really you only need a hardware firewall if you are holding very sensitive data or you're having a lot of attacks. I hope that answers your questions.

Posted by phpinfo, 02-24-2008, 02:11 AM
Hey thanks for the info! That is really what I am trying to decide, if I need a hardware firewall or if the OS X Server firewall will be fine. I didn't realize how expensive firewalls were, especially ones with lots of concurrent connections and throughput. The only server that will be connected to the internet is the main webserver holding the website files. Through the other ethernet port, the main server will connect to the database locally which will have the more sensitive data. So if a software firewall would suffice until there were problems with attacks, I might just go that route then.

Posted by LoganNZ, 02-24-2008, 03:18 AM
Hi phpinfo. Hardware firewalls are usually used in fairly high-corporate data environments or high-risk data situations, e.g. DDoS attacks. The OS X firewall should do for small-time / medium amounts of traffic depending on the data type (static or dynamic); however, I always suggest having a small Linux box running a firewall, a "breach box", so the OS X server will be behind it, essentially being a type of honeypot, allowing you to see the attacks in real time before they even hit / touch your OS X server. I hope this helps. Best Regards, Logan

Posted by phpinfo, 02-24-2008, 01:05 PM
Do you have any good articles on setting up a Linux firewall? Would I just set up OpenBSD and share the connection with the main server? What would the specs on the Linux box have to be and would this affect the performance of the webserver?

Posted by Patrick67, 02-24-2008, 04:11 PM
Here is configserver firewall, pretty decent. I use it on CentOS v5 but see no support for FreeBSD, only:
* RedHat v7.3, v8.0, v9.0
* openSUSE v10
* RedHat Enterprise v3, v4, v5
* Debian v3.1 (sarge)
* CentOS v3, v4, v5
* Ubuntu v6.06 LTS
* Fedora Core v1, v2, v3, v4, v5, v6, v7, v8
http://configserver.com/cp/csf.html

Posted by dotHostel, 02-24-2008, 04:38 PM
Take a look at Cisco PIX Security Firewall end-of-sale models. You can find PIX 515-R-BUN priced under $500 at eBay.

Posted by esnetcolo, 02-24-2008, 05:21 PM
Here's another option that we've had great results with as a datacenter (over 100Mbps throughput, easy to use, works in a failover config, open-source and often updated...): pfsense.com. Check it out. It uses a great GUI so you can still use it if you don't know Cisco IOS. You can build a great server (or use one you already have) to run it.


