Re: Switching IP address ranges



Well here are some thoughts:
- First everyone has to make a buck. I have been working in financial
industry for the past 12 years and one rule of auditing is never slam the
person in charge of the system, "there are 10 ways to skin a cat" it is a
matter of personal philosophy.
- Second if the other company has a play into the money tell them to look
for the latest invention it’s called the internet. Here is the article and
the reason why it does plug-ins.
http://www.microsoft.com/isaserver/evaluation/overview/default.mspx
Quote: ISA Server contains a full featured, application-layer aware firewall
that helps protect organizations of all sizes from attack by both external
and internal threats. ISA Server performs deep inspection of Internet
protocols such as Hypertext Transfer Protocol (HTTP), which enables it to
detect many threats that traditional firewalls cannot detect. The integrated
firewall and VPN architecture of ISA Server support stateful filtering and
inspection of all VPN traffic. The firewall also provides VPN client
inspection for Microsoft Windows Server 2003-based quarantine solutions,
helping to protect networks from attacks that enter through a VPN connection.
In addition, a completely new user interface, wizards, templates, and a host
of management tools help administrators avoid common security configuration
errors.
- Third, if someone has a problem with a Microsoft solution, tell them not to
use Windows at all.
- Fourth, just because SBS is cheap it does not mean it is bad. Until last year I
ran my entire office on discrete MS products, MS Windows 2K3, MS Exchange2K3,
MS SQL 2k, MS MOM 2K5, MS ISA2K4 and Symantec SGS Firewall. They are all
replaced by one SBS box and the kicker is that my ISA sees things that
Symantec SGS could not (*nix based same as SonicWall), which raises the
question why some people think you need more than a firewall.
I used to believe in solid state firewalls (which SonicWall is not) but they
cannot adapt fast enough even if they use live updates, so using a firewall
that can identify any kind of signatures of bad things for you carried over
SMTP, HTTP, VPN or you name it is better as long as there is someone to stand
behind it, like a “computer guy”.

Do those security companies sell anything?
You keep up the good fight and if they are more comfortable they can discuss
your design on open forum, like here!

"Paul Bishop" wrote:

It's ISA 2004.

I am very happy to be using ISA and a standard managed AV product like Sophos
but any security company I spoke with laughed at me.

For this one site the security is vital and the fact another company is
taking a contractual responsibility for it is worth the extra headache.

The last thing I needed was a lawsuit after the clients spoke to a security
company who said what I proposed was not good enough.

I really appreciate all the feedback and I do notice that so far no one has
ever agreed with the security companies' standpoint!

P.S. They claim their product uses Deep Packet Inspection whereas an ISA
server would only be a SPI firewall which is a generation out of date. I said
I thought ISA was a DPI firewall; they said I didn't know what I was talking
about.

"Gabriel C. Stan" wrote:

I agree that changing from ISA to SonicWall is a bad move, but just for the
sake of argument, which ISA version are you running?
There is nothing that SonicWall can do better than ISA 2004 can and to add
to SBS any Anti-whatever will cost a fraction of what SonicWall costs.
Even if you use SBS for email only, which you may not, otherwise why SBS
Premium, then you will end up with double firewall and double management.
SonicWall is using McAfee technologies; if Anti-Whatever is what you need
then why not just license it from them?
Are you sure that the vendor with proper VPN requirements is not you?

Quote:
2 - The IP address can not be 16.X as I manage multiple sites and I already
have a sonicwall product on 16.x and it would prevent them being able to
correctly manage both of my products (apparently)

"Paul Bishop" wrote:

Thanks to everyone for their answers -

Just to quickly add further to many points raised:

1 - The sonicwall is within my main network because it provides managed
antivirus and antispyware as well as secure VPN access. (The vendor does not
accept SBS's VPN as being a "proper" VPN)

2 - The IP address can not be 16.X as I manage multiple sites and I already
have a sonicwall product on 16.x and it would prevent them being able to
correctly manage both of my products (apparently)

Thanks for the advice and keep it coming :D

"Andrew M. Saucci, Jr." wrote:

Another possibility is simply to place the Sonicwall in between
the Internet and the SBS's WAN card rather than disrupt the entire network.
I have changed LAN IP subnets more than once on some relatively small SBS
networks and it is tedious work with LOTS of potential for error. If you do
this, be sure to shut off your cellular phone and expect an evening of total
down time, even if you can use the SBS 2003 Change LAN IP wizard, which I
imagine does a decent job of fixing the SBS but may not cover the rest of
the LAN well, depending upon what's there. You'll have to take an inventory
of every IP device on the network. Even at that, chances are some detail
will be overlooked. I would not do this without a very good reason. (My
reason was inter-client VPN capability; I just have to be able to VPN from
any of my clients to any other client, and that requires that they all have
unique LAN subnets.)

And yes-- if the Sonicwall can't be reconfigured for 192.168.16.x,
then it's almost worthless. Even a $50 router has the capability of picking
a new LAN IP subnet. I'd change the Sonicwall before changing anything else.

"Paul Bishop" <PaulBishop@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0ABF7248-CFD2-422E-8DAA-8EF2C056798A@xxxxxxxxxxxxxxxx
Hi there,

I am having a security device added to one of my small business networks
which requires me to change the I.P. address range on my SBS network from
192.168.16.x to 192.168.Something else.x - sorry for the terrible notation
and spelling ;)

I am using SBS Premium which currently uses ISA but ISA will be replaced
with the sonicwall and my SBS will be in Single NIC mode.

Anyone got any hints on the best way for a smooth transition?


