I'm looking for some help selecting a hardware firewall. My current setup is a WinXP machine with a USB ADSL modem and ZoneAlarm connecting directly to the internet for email, surfing and downloading. I have other PCs but they are not connected to the XP machine or the internet. I want to implement a new setup to network all my PCs in a secure way:
- A machine for email only with firewall settings to only allow email traffic to my ISP's email server address. Traffic to any other address or non-email traffic should be blocked. Any email-based attack should be trapped here.
- A machine for surfing and downloading but no email traffic should be allowed in or out and any suspect traffic should be blocked (I don't need VoIP or anything fancy). Any web-based attack should be trapped here.
- Other machines on the internal LAN should be able to talk to each other but not to the email or surf machines directly and no traffic should be allowed in or out between my internal machines and the internet.
- To get files from the email or surf machines onto my other PCs I was thinking about running one of the simple FTP server programs on the email and surf machines and setting the firewall so that they would only respond to FTP requests from my internal machines (it's my understanding that using FTP is more secure than setting up shared drives).
- The email and surf machines should be completely isolated from the other machines on the LAN other than by responding to incoming FTP requests from LAN machines. The LAN machines should be completely isolated from the internet but they should be able to talk to each other using standard Windows protocols and to the email/surf machines via FTP only.
Will my new setup work (i.e. be secure) and what hardware is out there to do the job?
I've looked at a few integrated ADSL modem/firewall/router units but the ones I've looked at don't offer enough control over how the various local machines can communicate with each other or the internet.
I really want to be able to specify rules per machine (or type of machine at least). I could probably do all this using multiple firewall devices but it's likely to get expensive and I don't want to go much over $1500US. Also I'm not a security expert so something with a reasonably friendly interface would be a bonus (but not essential).
Thanks in advance!
Karl.
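The zone design in the post, written out as a first-match, default-deny rule table with an evaluator run over sample flows, so the policy can be checked on paper before picking a device. This is an added example, not something from the post or from any particular firewall product; every address, subnet, the ISP mail server IP and the mail ports are constructed placeholders.

```python
from ipaddress import ip_address, ip_network

# All addresses below are constructed placeholders, not from the post.
EMAIL_PC = ip_network("192.168.1.10/32")   # the email-only machine
SURF_PC  = ip_network("192.168.1.11/32")   # the surf/download machine
LAN      = ip_network("192.168.2.0/24")    # the isolated internal machines
LOCAL    = ip_network("192.168.0.0/16")    # every local subnet together
ISP_MAIL = ip_network("203.0.113.25/32")   # placeholder for the ISP's mail server
ANY      = ip_network("0.0.0.0/0")

MAIL_PORTS = {25, 110, 143}   # SMTP, POP3, IMAP (assumed; use the ISP's real ports)
WEB_PORTS  = {80, 443}
FTP_PORTS  = {21}

# First-match rule table over NEW connections: (action, src, dst, dst_ports).
# Only the initiator matters; replies ride on the firewall's connection state.
RULES = [
    ("allow", EMAIL_PC, ISP_MAIL, MAIL_PORTS),  # email box talks only to the ISP mail server
    ("allow", LAN, EMAIL_PC, FTP_PORTS),        # LAN may pull files from the email box
    ("allow", LAN, SURF_PC, FTP_PORTS),         # ...and from the surf box
    ("allow", LAN, LAN, None),                  # LAN machines talk freely to each other
    ("deny",  ANY, LOCAL, None),                # all other local-to-local flows blocked; must precede the 0.0.0.0/0 rule
    ("allow", SURF_PC, ANY, WEB_PORTS),         # surf box reaches the internet on web ports only
]                                               # anything unmatched falls to the default deny


def evaluate(src: str, dst: str, dport: int) -> str:
    """Return 'allow' or 'deny' for a new connection src -> dst:dport."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net, ports in RULES:
        if s in src_net and d in dst_net and (ports is None or dport in ports):
            return action
    return "deny"   # default deny


# Constructed sample flows, one per requirement in the post.
SAMPLE_FLOWS = [
    ("192.168.1.10", "203.0.113.25", 25),    # email box -> ISP SMTP
    ("192.168.1.10", "198.51.100.7", 80),    # email box -> a web site
    ("192.168.1.11", "198.51.100.7", 443),   # surf box -> a web site
    ("192.168.2.5",  "198.51.100.7", 80),    # LAN -> internet
    ("192.168.2.5",  "192.168.1.10", 21),    # LAN -> email box FTP
    ("192.168.1.10", "192.168.2.5",  21),    # email box -> LAN (initiated from the wrong side)
    ("192.168.2.5",  "192.168.2.6",  445),   # LAN -> LAN Windows file sharing
]

if __name__ == "__main__":
    for src, dst, dport in SAMPLE_FLOWS:
        print(f"{src:>14} -> {dst:>14}:{dport:<4} {evaluate(src, dst, dport)}")
```

The table only models which side may open a connection; real FTP opens a second data connection, so the device you choose needs FTP-aware connection tracking (or passive mode with a fixed port range opened the same way). Plain FTP also carries its login in the clear, so the isolation here comes from the rule order and the default deny, not from FTP itself.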