"Distributed" Firewalling
  • "Distributed" Firewalling

    Hi

    I've been asked to find and implement a fairly unique firewall concept (well, at least in my opinion).

    Info/Background:
    This entity has over 400 units/branches in South Africa.
    Every unit consists of 1-2 XP workstations connected directly to the net through an ADSL line.
    All these units connect to the same ISP.
    They do not want the units to connect through Head Office.

    First prize:
    They want a firewall solution/content filter that can be installed independently on each unit PC.
    This software needs to query a central database or server on every request, where we specify the rules and/or content filters.

    Does software like this exist, and if so, could someone please point me in the correct direction?

    Second Prize:
    Should we host a firewall/server at the ISP and request that all traffic from the relevant lines be passed through this machine instead of directly out onto the WWW?


    Thanks

    Brink

  • #2
    Re: "Distributed" Firewalling

    I think you can have the ISP set you up with your own network within his
    Last edited by DYasny; 6th March 2011, 18:13.
    Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

    BA (BM), RHCE, MCSE, DCSE, Linux+, Network+



    • #3
      Re: "Distributed" Firewalling

      This might be worth looking at:
      http://www.checkpoint.com/products/h...-1_022007.html
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"



      • #4
        Re: "Distributed" Firewalling

        I can offer a possibility that answers half of your "First Prize" question. For distributed content filtering, I have some experience with the mobile filtering service provided by 8e6: http://www.8e6.com/mobile-filter.html

        It's not a solution to your firewall needs though. Definitely talk with your ISP first and see if you can work anything out with them. That would be much simpler than the alternatives.

        Just my two cents.
        Wesley David
        LinkedIn | Careers 2.0
        -------------------------------
        Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
        Vendor Neutral Certifications: CWNA
        Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
        Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/



        • #5
          Re: "Distributed" Firewalling

          Thanks for the info, Nonapeptide.

          The solution offered by 8e6 should fit like a glove.

          Now to get pricing on it.



          • #6
            Re: "Distributed" Firewalling

            If I read the provided site from 8e6, I think Check Point does the same, with the addition that Check Point is a firewall and is for offices.
            I'm quite impressed with what 8e6 offers; however, sadly enough, there isn't a firewall, which is at least as important.
            Marcel


            • #7
              Re: "Distributed" Firewalling

              Tx Dumber

              What you say is true, the firewall would be nice to have, but since these offsite units are 99% only 1 PC on a DSL line, there isn't much to protect. If I'm not mistaken, they are using decent AV software, and emails are filtered and scanned at H.O.

              The solution they are aiming for is more for the human factor: bad browsing habits, in short. But to manually update 400+ units one at a time with generic PC-based FW software... no thank you, not me.



              • #8
                Re: "Distributed" Firewalling

                So you don't mind that one of the clients can get compromised?
                For a nice firewall solution on the client side, you can have a look at McAfee Firewall in combination with ePolicy Orchestrator for central management.
                Marcel