Home Network - Firewall Question

I have each the 8 rooms in my home wired with Cat 5e cable, and all 8 wires
lead down to my basement where my cable source comes in..... Then it goes
like this....

- Cable IN goes to my cable modem via a splitter.
- Cable Modem OUT goes to Firewall IN (4 port Netgear)
- Firewall OUT goes to UPLINK of 8 port switch.
- Each of the 8 cables go into the 8 port switch.

Question.....

1. Is this the best method?
2. Will there be a bottleneck at the firewall?
3. Should I use all 4 ports of the router?
4. Is there an alternate method that would reduce the number of "boxes" from
3 to 2.

Bill

This is an alternate method:


cable co<.------->cable router<------------>NIC1 of "master" pc running
ZoneAlarm(DHCP)<----------->NIC2(192.168.0.1)<----------->Switch<------>Rest
of my computers(192.168.0.2-10)

I.e., you could ditch the firewall box.









"Bill" <> wrote in message
news:4l1Nb.26990$_...
> I have each the 8 rooms in my home wired with Cat 5e cable, and all 8
wires
> lead down to my basement where my cable source comes in..... Then it goes
> like this....
>
> - Cable IN goes to my cable modem via a splitter.
> - Cable Modem OUT goes to Firewall IN (4 port Netgear)
> - Firewall OUT goes to UPLINK of 8 port switch.
> - Each of the 8 cables go into the 8 port switch.
>
> Question.....
>
> 1. Is this the best method?
> 2. Will there be a bottleneck at the firewall?
> 3. Should I use all 4 ports of the router?
> 4. Is there an alternate method that would reduce the number of "boxes"
from
> 3 to 2.
>
>

jdirt

IF you replaced the 4 port Netgear with a 16 port (assuming Netgear offers
one, at a reasonable price) you would not need the switch. From your diagram
(?)...the switch merely makes up for the lack of ports on the
Firewall/router.

In your current configuration; I would use the switch for all the network
interfaces. The additional ports on the Netgear, might be useful for a DMZ
or additional switches as your network expands. It would be simpler to keep
everything configured the same (all on the switch) just for consistency,
there is no need to introduce complexity just for sake of appearance.

I would be reluctant to remove the appliance (Netgear) in favor of PC/Wkst.
configured as a router. The OS hardening, loss of function as a working
node, if you properly harden the OS of the PC working as a server...you
should not run IE, Telnet, Ftp or any other non-essential services on it. If
it is used as a router/firewall, that should preclude using it as a file
server or any other exposure to your inner network. I don't see the benefit,
for a small network.

How you chose to use ZA should be approached as a separate issue. ZA does
have some benefits, it makes its presence known more so than the average
appliance and is easily updated. Be aware, that ZA was recently purchased by
CheckPoint...there may be licensing changes, expenses coming in the near
future that may cause you to rethink using the "free" version of ZA.

Bottom line...what you have is not bad, the previous post has merit too. My
suggestion is based on your desire to simplify and standardize...otherwise
keep it the way it is, this could fall in the class of ..."If it ain't
broke"?


"Bill" <> wrote in message
news:4l1Nb.26990$_...
: I have each the 8 rooms in my home wired with Cat 5e cable, and all 8
wires
: lead down to my basement where my cable source comes in..... Then it goes
: like this....
:
: - Cable IN goes to my cable modem via a splitter.
: - Cable Modem OUT goes to Firewall IN (4 port Netgear)
: - Firewall OUT goes to UPLINK of 8 port switch.
: - Each of the 8 cables go into the 8 port switch.
:
: Question.....
:
: 1. Is this the best method?
: 2. Will there be a bottleneck at the firewall?
: 3. Should I use all 4 ports of the router?
: 4. Is there an alternate method that would reduce the number of "boxes"
from
: 3 to 2.
:
:


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.560 / Virus Database: 352 - Release Date: 1/8/2004

zenner

You existing setup is probably best. For heavens sake don't ditch the
Netgear.
It is a much better approach for protecting you than turning one of the PCs
into a "firewall."
TOO many things you would have to do to the PC.
J
--
Check my web site for tips on insuring safe computing in wired and wireless
homenetworking environments!
www.pccitizen.com

"Bill" <> wrote in message
news:4l1Nb.26990$_...
> I have each the 8 rooms in my home wired with Cat 5e cable, and all 8
wires
> lead down to my basement where my cable source comes in..... Then it goes
> like this....
>
> - Cable IN goes to my cable modem via a splitter.
> - Cable Modem OUT goes to Firewall IN (4 port Netgear)
> - Firewall OUT goes to UPLINK of 8 port switch.
> - Each of the 8 cables go into the 8 port switch.
>
> Question.....
>
> 1. Is this the best method?
> 2. Will there be a bottleneck at the firewall?
> 3. Should I use all 4 ports of the router?
> 4. Is there an alternate method that would reduce the number of "boxes"
from
> 3 to 2.
>
>

John D Loop

> 1. Is this the best method?

Looks sound. we have a very convoluted network
it involves

ISP
V
a router/modem box acting as a bridge
V
IPCOP box as fire wall
V
2 Switches and a hub to get the cables round the house!

so, in terms of simplicity i think you are doing just fine

> 2. Will there be a bottleneck at the firewall?
What speed is the cable and what speed is the network?

> 3. Should I use all 4 ports of the router?
not necessarily. if you had three boxes on the router and 5 on the
switch then you have a bottle neck between the router and the switch. it
depends on your network traffic. so you have lots of traffic from box to
box, or are you using it mostly for the Internet?

> 4. Is there an alternate method that would reduce the number of "boxes" from
> 3 to 2.
yes, super glue

joe

joe

* John D Loop <>:
> You existing setup is probably best. For heavens sake don't ditch the
> Netgear.
> It is a much better approach for protecting you than turning one of the PCs
> into a "firewall."
> TOO many things you would have to do to the PC.
> J

Oh ya definatly you have to dl the iso of ipcop or smoothwall and
install it, then the patchs. Yep way way too much to do there.

Jason

Jason