Happy Pharmaceuticals, Inc. has a three-site enterprise network that is connected to the Internet at multiple points. Currently the company is not using firewalls, but instead has a few older proxy servers that are limited in scalability and functionality. The company's business has been growing, so it is upgrading its current dual T1 connections from the central site network to higher-bandwidth T3 connections. The two regional sites will be upgraded from fractional T1 connections to the Internet to full T1 connections.
Current and Future Firewall Requirements
Happy Pharmaceuticals requires its network to be highly available, achieving at least 99.99% uptime, otherwise known as 'four nines' availability. Any firewall technology put in place must be able to maintain 'four nines' availability, at a minimum. Having a backup firewall on 'hot' standby, ready to take over from the primary firewall, is a viable option if it is not cost prohibitive.
The current planned connection to the Internet from the Central Site is over dual T3 connections. The T3s go to separate ISPs and will both be used for traffic (see Figure 1). The firewall solution chosen must be able to process high-speed traffic, since a switched Fast Ethernet connection (100 Mbit/s) is on one side of the firewall and a 45 Mbit/s T3 connection is on the Internet side. The majority of the traffic will be FTP and HTTP traffic, and more than 3000 user sessions are possible at any given time. The firewall should be able to handle up to 3000 user sessions and still provide additional room for growth.
Since the company has developed some of its own applications for use over the Internet, the firewall should provide some capability to customize security features to address new or unknown applications.
Since Happy Pharmaceuticals' network is growing, the network managers want to run Network Address Translation (NAT) on the firewall to allow them to use a larger IP address space. The firewall solution should not negatively affect network performance even with NAT running.
Centralized management of all the firewalls, central site as well as remote site, is critical, since the IT team has limited resources and travel between sites is very costly. Each firewall's rule base should be stored and updated in one single location and distributed securely to each firewall as needed. Figure 1 shows the proposed location of the firewalls throughout the upgraded network.
A strong security logging capability and log file analysis with report generation are also required. This capability can be built into the firewall or run on a separate workstation on the network. It could be a 3rd-party product that interfaces with the firewall completely. If an attempted attack or break-in occurs and is logged, the firewall should have some mechanism to page a network manager or alert the standard network management platform.
Happy Pharmaceuticals is expecting to receive a plan that describes the number of firewalls required to meet the above requirements and the recommended configuration of the firewalls. A total cost for the solution is also required, as well as the cost of any 3rd-party software that the vendor recommends for log file analysis.
Diagram 1. Happy Pharmaceuticals Proposed Future Network
Vendor responses:
The responses
See how 12 vendors responded to this RFP.
Review: Firewalls
Raptor Firewall 6.0 takes top honors in our testing. Network World, 7/19/99.
Issues and trends
Where the firewall market is headed and what to look for. Network World, 7/19/99.
Interactive buyer's guide
Detailed specs on 52 models. Find the one that meets your criteria or compare two or more models on different specs.
Forum: Firewalls
Post your firewall questions and discuss their use in this forum.
Firewalls to the rescue
Interviews with firewall users. Network World Fusion, 7/19/99.
