Screening Router recommendations

Discussion in 'Cisco' started by xlr8, Sep 30, 2004.

  1. xlr8

    xlr8 Guest

    I'm about to implement a screening router for the company I work for
    and was wondering if anyone had any recommendations on suitable
    hardware.

    Requirements:
    Protect a 2Meg Internet connection (Ethernet based). I doubt we will
    expand to more than 10Meg of bandwidth in the foreseeable future.

    Syslog for logging ACL violations to a *nix host

    Netflows for Internet usage visibility

    At the moment I'm thinking of using a Cisco 2611XM or similar but
    would be interested to hear other opinions and/or experiences.
     
    xlr8, Sep 30, 2004
    #1

  2. xlr8

    S. Gione Guest

    If the Internet connection is ethernet, you might consider using a PIX
    firewall instead of a router.

    "xlr8" <> wrote in message
    news:...
    > I'm about to implement a screening router for the company I work for
    > and was wondering if anyone had any recommendations on suitable
    > hardware.
    >
    > Requirements:
    > Protect a 2Meg Internet connection (Ethernet based). I doubt we will
    > expand to more than 10Meg of bandwidth in the foreseeable future.
    >
    > Syslog for logging ACL violations to a *nix host
    >
    > Netflows for Internet usage visibility
    >
    > At the moment I'm thinking of using a Cisco 2611XM or similar but
    > would be interested to hear other opinions and/or experiences.
     
    S. Gione, Sep 30, 2004
    #2

  3. In article <SG_6d.405$>,
    S. Gione <> top-posted:

    :"xlr8" <> wrote in message
    :news:...
    :> I'm about to implement a screening router for the company I work for

    :> Requirements:

    :> Netflows for Internet usage visibility

    :If the Internet connection is ethernet, you might consider using a PIX
    :firewall instead of a router.

    PIX doesn't do netflow, and parsing the syslog to extract the flow
    information is a relatively slow process (and error-prone unless you
    consider the nuances of the various error messages quite thoroughly.)
    --
    Strange but true: there are entire WWW pages devoted to listing
    programs designed to obfuscate HTML.
     
    Walter Roberson, Sep 30, 2004
    #3
  4. xlr8

    xlr8 Guest

    -cnrc.gc.ca (Walter Roberson) wrote in message news:<cji22q$4o2$>...
    > In article <SG_6d.405$>,
    > S. Gione <> top-posted:
    >
    > :"xlr8" <> wrote in message
    > :news:...
    > :> I'm about to implement a screening router for the company I work for
    >
    > :> Requirements:
    >
    > :> Netflows for Internet usage visibility
    >
    > :If the Internet connection is ethernet, you might consider using a PIX
    > :firewall instead of a router.
    >
    > PIX doesn't do netflow, and parsing the syslog to extract the flow
    > information is a relatively slow process (and error-prone unless you
    > consider the nuances of the various error messages quite thoroughly.)


    Maybe I should elaborate a little more.

    Basically the screening router will be placed in front of two
    firewalls (The DMZ is the network between the firewalls). The external
    screening router is there for very basic protection such as general
    anti-spoofing and as a checkpoint for monitoring traffic utilisation,
    hence the netflow data.
     
    xlr8, Oct 1, 2004
    #4
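
The screening-router role described in post #4 (basic anti-spoofing, ACL violations logged by syslog to a *nix host, NetFlow export for usage visibility), sketched as a classic IOS configuration. This is an added example and not part of any poster's message; the ACL name SCREEN-IN, the interface name, the inside prefix 192.0.2.0/24, the collector address 198.51.100.10 and UDP port 2055 are all assumptions.

```cisco
! Constructed example. Addresses are documentation ranges:
!   192.0.2.0/24   assumed public prefix behind the screening router
!   198.51.100.10  assumed *nix host collecting syslog and NetFlow
!
ip access-list extended SCREEN-IN
 remark Anti-spoofing: no outside packet may claim an inside source
 deny   ip 192.0.2.0 0.0.0.255 any log
 remark Anti-spoofing: private and loopback sources never arrive legitimately
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 remark Everything else toward the inside prefix goes on to the firewalls
 permit ip any 192.0.2.0 0.0.0.255
 remark Make the implicit deny explicit so that it is logged too
 deny   ip any any log
!
interface FastEthernet0/0
 description Outside (Internet, Ethernet hand-off)
 ip access-group SCREEN-IN in
 ! Enable NetFlow accounting for traffic entering this interface
 ip route-cache flow
!
! ACL "log" hits are severity 6 (informational), so the trap level
! must be informational or lower-priority for them to reach the host
service timestamps log datetime msec
logging 198.51.100.10
logging trap informational
!
! Export flow records to the same collector (port is an assumption)
ip flow-export version 5
ip flow-export destination 198.51.100.10 2055
```

ACL log messages are rate-limited and aggregated by the router, so the syslog stream shows which rules are being hit, while the NetFlow export is the source for utilisation figures.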
  5. xlr8

    Ben Guest

    2600 is a good choice, or one of the new 2700's for a lot more power and
    features in hardware at only 20% more in price.


    "xlr8" <> wrote in message
    news:...
    > -cnrc.gc.ca (Walter Roberson) wrote in message

    news:<cji22q$4o2$>...
    > > In article <SG_6d.405$>,
    > > S. Gione <> top-posted:
    > >
    > > :"xlr8" <> wrote in message
    > > :news:...
    > > :> I'm about to implement a screening router for the company I work for
    > >
    > > :> Requirements:
    > >
    > > :> Netflows for Internet usage visibility
    > >
    > > :If the Internet connection is ethernet, you might consider using a PIX
    > > :firewall instead of a router.
    > >
    > > PIX doesn't do netflow, and parsing the syslog to extract the flow
    > > information is a relatively slow process (and error-prone unless you
    > > consider the nuances of the various error messages quite thoroughly.)

    >
    > Maybe I should elaborate a little more.
    >
    > Basically the screening router will be placed in front of two
    > firewalls (The DMZ is the network between the firewalls). The external
    > screening router is there for very basic protection such as general
    > anti-spoofing and as a checkpoint for monitoring traffic utilisation,
    > hence the netflow data.
     
    Ben, Oct 6, 2004
    #5