Network/Router advice wanted

I would like advice on protecting upwards of 10 clients on a Windows 2003 server where only 2 users require internet access. My own home network is well provided for using a 4 port combined NAT switch/router/firewall (I have a Draytek 2600 which has a number of firewall features included).

My initial thought would be to connect a similar router to one of the 16 ports on the switch that serves all 10 users and configure it to only allow the 2 users internet access. I would appreciate any comments on this and whether there would be a better choice for the router. (It would not need to include a switch, for instance, or act as a DHCP server, although the Draytek does provide for a VPN as well.) Ideally a similar router to the Draytek that had, say, 16 ports might be the answer and replace the existing switch with it, but these seem to be hard to find.

Finally, am I right in thinking that for a basic network it is wise to keep the server software as simple as possible and invest in the external router for protection (i.e. avoiding ISA Server)?

Many thanks

Mike

Reply to
Mike Saunders

I think the first thing you need to do is decide on what kind of price range you are looking to be in. Also, how important is this data that you are looking to protect? A router is not the same thing as a firewall & the levels of protection and functionality are different.

Forget looking into finding a router or firewall with a 16-port switch built in. If you could find any that'd seriously limit your choices. Keep the switch separate from the router/firewall and you preserve the capability to upgrade either unit as your needs change in the future.

So provide us with a price range and what you are looking to protect and then we can help you more. A firewall appliance may suit you better than a router.

One thing is for sure, if you are looking to have 10-12 users connected along with 2 VPN tunnels you'll need to look beyond the cheap disposable boxes you find in the chain stores. You'll need something with enough horsepower to keep things responsive & you'll want the feature-set required to only allow the users you wish to have access to the internet.

Reply to
gray.wizard

Thanks for your reply. The requirement is for only 2 users to access the internet. One is limited, only needing to connect to the bank to authorise BACS transfers, the other being full internet access with email. There will not be any access required inbound unless requested by the client. The NAT facilities I have stop all unwanted penetration from outside and the other facilities provided allow me to configure which clients can get out. If there are more considerations to be taken into account re the firewall please let me know. I would say the full internet client would have a software firewall to warn him of outbound and also run in restricted mode when using his browser.

As my device combines ADSL modem/router/switch I would just like to be clear what separate items I need and how they are configured.

Also, with Windows 2003 server SBS, do I take it I do not need a router as the software takes care of these issues?

As for cost, bear in mind it is a very simple requirement.

Thanks

Mike

Reply to
Mike Saunders

The SonicWall 1260 has 24 ports - but never used it!

Reply to
CCMiami

Since banking is done through the internet connection and you need precise control over what each user can do you will want to probably forego the cheap devices you see at Best Buy, Circuit City, etc. I don't know how creative your users are, but you may find that your biggest assaults on your security come from the inside rather than the outside as your users get creative and try to access the internet.

I'm going to refrain from recommending any particular pieces of equipment because there are people in this newsgroup who spec out and install equipment day in and day out for people in your exact circumstance so I will bow to their greater expertise as I don't want to inadvertently send you down the wrong road.

Reply to
gray.wizard

A very nice router at a very not-so-nice price. Figure in the cost of a support contract as well so you have hardware failure coverage & access to new versions of the SonicOS and we are talking a major investment.

Reply to
gray.wizard
