PRODUCT REVIEW
SmoothWall Corporate Server 3.0: an enterprise firewall for under $1,000
By David Gewirtz

Unless you've been living under a rock, you know about the need for a firewall to safeguard your computer and your network. But while there's been much discussion about personal firewalls for individuals (and anyone behind a Linksys or NETGEAR router has some level of protection), there's been very little discussion about how to accomplish the same thing at the organizational level.

One of the more interesting challenges is how to route IP traffic to the correct machine behind the firewall if you have multiple machines that need to get the same protocol traffic.

Some illustrations will help to clarify this. Figure A shows a network that might be behind a typical home router.

FIGURE A

The network behind a low-end router will do some port forwarding.

Most low-end routers and firewalls will forward traffic for a specific port (like port 80, which carries Web traffic) to one specific IP address inside the protected network. However, many corporate networks have multiple machines using a given protocol, and traffic must be directed to each of them.

ZATZ, for example, has five separate Web servers, each handling a different part of our content management system and all needing to respond to requests on port 80. We also have two separate email servers, our Exchange server and our list server, both needing to respond to requests on port 25.

Figure B shows a simplified version of such a network.

FIGURE B

Multiple IPs route to different machines and different ports.

In this example, we have three separate networks: the red network, the green network, and the orange network. The red network is the connection to the Internet and is unprotected. The green network is completely protected from the Internet and its clients never appear to be on the network. It's primarily used for client machines and intranet machines that never need to be seen from outside.

The orange network is the DMZ (De-Militarized Zone). It's where the outward-facing servers exist. However, we want to make sure that the machines on the orange network get their desired traffic while not getting undesirable traffic. In the above example, we have one corporate server getting Web traffic, one list server getting SMTP mail traffic, and the Exchange server, which needs to get both Web and SMTP traffic.
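The difference between the two forwarding models can be shown with a small lookup model. This is an added example, not code from the article or from SmoothWall; the public addresses (from the 203.0.113.0/24 documentation range), the host labels, and the function names are all constructed for illustration.

```python
# Added illustration: addresses and host labels are constructed,
# not taken from the article or from any product configuration.
from ipaddress import ip_address

def build_port_only(rules):
    """Home-router model: one inside host per port, whatever the destination IP."""
    table, conflicts = {}, []
    for _pub_ip, port, inside in rules:
        if port in table and table[port] != inside:
            # A second server on the same port cannot be reached.
            conflicts.append((port, table[port], inside))
        else:
            table[port] = inside
    return table, conflicts

def build_ip_port(rules):
    """Multi-IP model: key each forward on (public IP, port)."""
    return {(ip_address(ip), port): inside for ip, port, inside in rules}

def forward(table, dst_ip, dst_port):
    """Return the DMZ host for a packet, or DROP when no rule matches."""
    return table.get((ip_address(dst_ip), dst_port), "DROP")

# Figure B's servers: one Web server, one list (SMTP) server,
# and Exchange, which needs both Web and SMTP.
RULES = [
    ("203.0.113.10", 80, "orange:corp-web"),
    ("203.0.113.11", 25, "orange:list-server"),
    ("203.0.113.12", 80, "orange:exchange"),
    ("203.0.113.12", 25, "orange:exchange"),
]

if __name__ == "__main__":
    _, conflicts = build_port_only(RULES)
    print("port-only conflicts:", conflicts)
    table = build_ip_port(RULES)
    for dst in [("203.0.113.10", 80), ("203.0.113.12", 25),
                ("203.0.113.10", 25), ("203.0.113.11", 3389)]:
        print(dst, "->", forward(table, *dst))
```

Keying on the public IP as well as the port lets the Exchange server share ports 80 and 25 with the other servers, and any address and port pair without a rule (SMTP aimed at the Web server's address, for instance) is dropped rather than delivered.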

Finding a low-cost solution to an expensive problem
We decided to see if we could find a firewall solution that could accomplish this, while handling the load of a typical company, and still remain under $1,000. There are many high-end, standalone firewall appliances that will accomplish this sort of thing, but you'll wind up spending at least $3,000, and often going above $20,000 for something that can handle a real load.





The Power Magazine for Microsoft Outlook and Exchange Users at OutlookPower.com
Copyright © 1998-2008, ZATZ Publishing. All rights reserved worldwide.
Outlook is a trademark of Microsoft Corporation.