Advice asked - choosing between ISA, SSL VPN, Hardware firewall etc

From: Paul De Bie (paul.de.bieNO_at_MORESPAMhnt.be)
Date: 01/27/05


Date: Thu, 27 Jan 2005 14:34:07 +0100

Hi all,

I would like some advice please.

We have a simple network: 20 windows XP and 2000 workstations, two W2K
servers of which one is an Exchange 2000 server, an AS/400.
Internet ADSL router, Netscreen 5XP firewall protecting the network.
A fixed WAN IP address.
The Exchange server is protected with XWall (spam, virus, content
filter).
We are not running webservers, no remote access possibilities, in short
the only thing that comes in from the outside into our LAN is the e-mail
(port 25 forwarding in the firewall to get the mail to the exchange
box).

Now management would like:
- remote access to the mail (Outlook Web access --> IIS)
- remote access to the AS/400 (IBM iSeries Access for Web --> WebSphere
Application Server)
- remote access to the security cameras ( digital recorder with built in
webserver)
etc...

OK I could accomplish this maybe with more port forwarding but I think
this would put our internal network at a much higher risk.

I talked to a security expert and he suggested that I build a DMZ. In
the DMZ I could put an Exchange Front End server for the OWA, and other
stuff I want to access from the Internet.

I studied his idea (I am not an expert BTW) and:
- I would need to buy another firewall because this one cannot handle a
DMZ. The guy proposed a bigger Netscreen that cost around 3000 USD
- I need a second Exchange box and also another Exchange license.... I
have Exchange Standard edition which doesn't allow for Front End/Back End
topology.
This alone would cost me several thousand dollars (the box + the OS
+ Exchange Enterprise.)

When I was arguing with the guy he suddenly proposed another magical
solution: a Netscreen 500 Remote Access SSL-VPN box. Cost between 4000
and 5000 USD.

When he was away I have browsed around a bit and I studied ISA-server.
It looks to me to be the answer to all of my problems.
I would not have to build a DMZ.
I can use it to bring the mail to the remote users (using OWA) without
compromising the Exchange server and without having to split it up in
FE/BE.
I can use it to get to the other webservers (the cameras, the AS/400)
without compromising my internal network.
I could even still use my packet-filtering firewall as a first layer of
defense.
All I need is a box + OS + ISA Server 2000.

Can you give me some advice please?
Should I go for ISA server??

many thanks

-- 
Paul De Bie
(to reply to me: remove NOMORESPAM from my mail address)
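The question above boils down to two designs: forward each service's port straight to the internal host, or publish a single reverse proxy in a DMZ and let only that proxy talk to the back ends. The following is an added example, not code from the post or from any vendor, that models a first-match firewall policy for both designs and reports which LAN hosts the Internet can reach directly and what a compromised proxy could reach. Zone names, hostnames and port numbers are constructed for illustration.

```python
# Added example (not from the original post): a first-match policy evaluator used
# to compare "port forwarding into the LAN" with "one published proxy in a DMZ".
# Hostnames, zones and port numbers are constructed for illustration.
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for host or port


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_host: Optional[str]   # ANY matches every host in dst_zone
    dst_port: Optional[int]   # ANY matches every port
    action: str               # "permit" or "deny"


def evaluate(policy, src_zone, dst_zone, dst_host, dst_port):
    """First matching rule wins; no match falls through to an implicit deny."""
    for r in policy:
        if (r.src_zone == src_zone and r.dst_zone == dst_zone
                and r.dst_host in (ANY, dst_host)
                and r.dst_port in (ANY, dst_port)):
            return r.action
    return "deny"


# Constructed inventory: the zone each host lives in.
HOSTS = {
    "exchange": "lan", "as400": "lan", "dvr": "lan", "workstation": "lan",
    "proxy": "dmz",
}
PORTS = (25, 80, 443, 445, 3389)  # ports probed by the analysis

# Design A: one hole per service, straight to the internal host.
PORT_FORWARDING = [
    Rule("untrust", "lan", "exchange", 25, "permit"),    # inbound SMTP
    Rule("untrust", "lan", "exchange", 443, "permit"),   # OWA on the mailbox server
    Rule("untrust", "lan", "as400", 443, "permit"),      # iSeries Access for Web
    Rule("untrust", "lan", "dvr", 80, "permit"),         # camera recorder web UI
]

# Design B: only the DMZ proxy is published on 443; the proxy may open just the
# specific back-end ports it needs and nothing else on the LAN.
DMZ_PROXY = [
    Rule("untrust", "dmz", "proxy", 443, "permit"),
    Rule("untrust", "lan", "exchange", 25, "permit"),    # inbound SMTP still needed
    Rule("dmz", "lan", "exchange", 443, "permit"),
    Rule("dmz", "lan", "as400", 443, "permit"),
    Rule("dmz", "lan", "dvr", 80, "permit"),
    Rule("dmz", "lan", ANY, ANY, "deny"),                # containment if the proxy falls
]


def reachable_from(policy, src_zone):
    """Set of (host, port) pairs that src_zone can open under this policy."""
    hits = set()
    for host, zone in HOSTS.items():
        if zone == src_zone:
            continue
        for port in PORTS:
            if evaluate(policy, src_zone, zone, host, port) == "permit":
                hits.add((host, port))
    return hits


def lan_hosts_exposed_to_internet(policy):
    """Internal hosts that accept at least one connection straight from untrust."""
    return {h for h, _ in reachable_from(policy, "untrust") if HOSTS[h] == "lan"}


if __name__ == "__main__":
    for name, pol in (("port forwarding", PORT_FORWARDING), ("dmz proxy", DMZ_PROXY)):
        print(f"{name}: LAN hosts directly exposed = "
              f"{sorted(lan_hosts_exposed_to_internet(pol))}")
        print(f"{name}: a compromised proxy could reach = "
              f"{sorted(reachable_from(pol, 'dmz'))}")
```

Under design A every published service is a direct path from the Internet to a LAN host, so a flaw in the DVR's web server or the AS/400 web front end is a flaw on the LAN. Under design B the only host answering on 443 from outside is the proxy, and the trailing deny rule means that even a fully compromised proxy can open only the three back-end ports listed; inbound SMTP still lands on the Exchange server, which the post already accepts today. The same evaluator can be rerun whenever a rule is added to confirm that the exposed set has not silently grown.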

