You mean _PROTOCOL HANDLING_, I believe. I do not know why people are paying so much attention to it. Important questions are:
- which services are you providing for the public?
- who will handle all your SSL sessions, if any (maybe load balancers? Then you do not bother about FW proxy for them);
- who will handle all http requests (yes, a proxy can help here, but it is not the only way);
- who will inspect mail content (not SMTP protocol, but attachments etc.)?
- who will handle your ssh sessions, if you have inbound ssh?
- who will handle your inbound VPN or PPTP, if you use it?
- are DDOS attacks dangerous for you (you host SCO, for example) or not (you provide a specific service for 100 companies, not for the wide public);
- do you use host level IDS / change control?
PIX is an excellent firewall... for many purposes, but not for others (and not as a proxy, of course). It is impossible to select anything without knowing the answers to these questions...
Alexei Roudnev
============
As much as I hate to follow up my own post, I suppose I was a bit too vague for my own good =]
We do not run any Cisco gear and we are in a Class A data facility.
By proxy I did not mean to imply NAT. I cannot remember the proper term, but what I mean is full packet handling as opposed to packet inspection.
Security is important but the budget limit is only up to about 3K. I have been trying to get the client a firewall for some time and am just now getting the go ahead.
Sorry for any vagueness, but I usually like to not say too much as to sway opinions one way or another and to learn more, as any knowledge I have may be wrong or out of date.
Nicole
On 16-Mar-04 Unnamed Administration sources reported Nicole said :
Hi, I am looking for a good but reasonably priced firewall for a 40 or so server site. Some people swear by Pix, others swear at it a lot. Also, I have heard good things about Netscreen. Or any others you would recommend for protecting servers on a busy network. Don't really need anything with VPN, just the standard http, ftp, ssh, https type traffic up to 100mb throughput. From what I have heard, a proxy firewall would be best?
Thanks in advance!!
Nicole