Overview:
Happy Pharmaceuticals, Inc. has a three-site enterprise network that is connected to the Internet at multiple points. Currently the company is not using firewalls, but instead has a few older proxy servers that are limited in scalability and functionality. The company's business has been growing so it is upgrading its current dual T1 connections from the central site network to higher bandwidth T3 connections. The two regional sites will be upgraded from fractional T1 connections to the Internet to full T1 connections. LanOptics recently released Guardian 4.0 offers more than just a firewall. Guardian 4.0 integrates Unique MAC layer Stateful inspection with four modes of Network Address Translation, User Authentication, VPN and GuidePost Bandwidth Manager in an affordable, manageable package. Other benefits of the product include a combination of Real time monitoring separate alert file, extensive log files, which are ODBC compatible. With these features LanOptics can offer two configuration solutions for Happy Pharmaceuticals, Inc. In scenario 1, based on Hot-Standby, Happy Pharmaceuticals, Inc. would implement two full-time running firewalls for each Internet connection. The configuration of the boxes combining Guardian 4.0 with a fault tolerant add on with a heartbeat allows for transparent redundancy and would provide an automatic switch to the secondary firewall box in the case of a primary firewall failure. As the central location has dual T3 connections we propose a primary and secondary firewall on each connection residing between the router and the internal network. A primary firewall would run parallel with a secondary back up firewall available immediately. At each remote site connected with T1 lines we have the same configuration although they can be remotely managed and monitored by the central locations and do not need extra managers. In order for the manager to monitor all firewalls, it would have to be running 24x7. Based on the traffic quoted in this RFP our solution would entail 2 fully functional and running unlimited licensed firewall boxes for each Internet connection loaded with:- NT workstation 4.0
- Guardian 4.0
- Fault Tolerant add-on with heartbeat
Addressing the Requirements:
Fault tolerance for 99.9% uptimeWith Hot-Standby, an automatic emergency system is already in place. If the Primary firewall should fail, the system is set up so that it automatically is covered by the secondary firewall with no human intervention. Notes: The overall network architecture of this company does not guarantee 99.9% up time. Based upon the configuration of the routers at a minimum BGP in addition to a hot standby protocol may be desirable for better performance in the case of a router failure, the alternate router would be able to pick up the traffic. High Traffic
Guardian unlimited license pack easily handles 3000+ sessions occurring simultaneously and has no limitations beyond the hardware. Customize Security features
Guardian 4.0 Manager easily sets up strategies with definable services so Happy Pharmaceuticals can create and implement new and unknown applications on an ongoing basis. Network Address Translation (NAT)
NAT is a functioning part of Guardian 4.0 firewall and is easily configured to work in conjunction with the other components of the firewall. Alerting Mechanism
Configurable as an email alert which can be set up to send a page. Centralized Management
One manager can remotely control all administration and management of all the firewalls included in this RFP. Each of the rule bases can be stored and updated easily from one central location. Security logging and report generation
The separate manager for monitoring and recording log files to an existing SQL server or Access database offers an independent and effective process to control and log records.
Hardware Cost:
LanOptics assumes that the customer will use customer standardized PCs to reduce maintenance cost and avoid any lost time and productivity used in setting up and learning new equipment. Software Cost: Firewalls Central Site (x4 2-connections)Total Software cost for Scenario 1, Total: $ 66,144.00Fault tolerant add on, with a heartbeat $1725.00 NT Workstation 4.0 $319.00 Guardian 4.0 Firewall Agent Unlimited License $8980.00 Sub Total: $11,024.00x4 $44,096.00Remote Site (x4 2-locations)Fault tolerant add on, with a heartbeat $1725.00 NT Workstation 4.0 $ 319.00 Guardian 4.0 Firewall Agent Unlimited License $8980.00 -------------------------------------- Sub Total $11,024.00 x2 $ 22,048.00 Manager Guardian 4.0 Manager no cost
In scenario 2, based on Cold-Standby, Happy Pharmaceuticals, Inc. would implement only one full time running firewall on each Internet connection. A secondary firewall box would be ready on standby, but would not function until it is actually physically switched on and over which can be done remotely. Since the requirement is 99.9% uptime, this allows for 1/2 day downtime which easily allows for numerous switchovers which should take 10 minutes at most. This entails 1 fully functioning and running unlimited Guardian firewall on the primary firewall box and a standby version installed on the backup server; 4 at the central location, 2 each at the remote locals.
As the central location has dual T3 connections we propose a primary and secondary firewall on each connection residing between the router and the internal network. At each remote site connected with T1 lines we have the same configuration although they can be remotely managed and monitored by the central location and do not need extra managers. In order for the manager to monitor all firewalls, it would have to be running 24x7.
Based on the traffic quoted in this RFP our solution would entail 2 fully functional and running unlimited licensed firewall boxes for each Internet connection loaded with:
- NT workstation 4.0
- Guardian 4.0
Addressing the requirements:
Fault tolerance for 99.9% uptimeCold-Standby offers an available firewall ready to be installed in the case of the primary firewall failing. An alert will notify staff who will then switch the firewalls. The benefit of this scenario is based primarily on cost as Happy Pharmaceuticals, Inc. will only be required to purchase one fully licensed firewall for each Internet connection and will not be required to purchase Octopus 3.2.
Notes: The overall network architecture of this company does not guarantee 99.9% up time. Based upon the configuration of the routers at a minimum BGP in addition to a hot standby protocol may be desirable for better performance in the case of a router failure, the alternate router would be able to pick up the traffic.
All other requirements are addressed the same as in Scenario 1.
Hardware Cost:
As in scenario 1, LanOptics assumes that the customer will use customer standardized PCs to reduce maintenance cost and avoid any lost time and productivity used in setting up and learning new equipment.
Software Cost
Central Site
Primary Firewalls(x2 2-connections)
NT Workstation 4.0 $319.00 Guardian 4.0 Firewall Agent Unlimited License $8980.00 -------------------------------------- Sub Total: $9299.00 Total x2 $18,598.00Secondary Firewalls(x2 2-connections)
NT Workstation 4.0 $319.00 Guardian Firewall no cost -------------------------------------- Sub Total: $319.00 Total x2 $638.00Remote site
Primary Firewall (x2 2-locations)
NT Workstation 4.0 $319.00 Guardian 4.0 Firewall Agent Unlimited License $8980.00 -------------------------------------- Sub Total $9299.00 Total $18,598.00Secondary Firewalls(x2 2-connections)
NT Workstation 4.0 $319.00 Guardian Firewall no cost -------------------------------------- Sub Total: $319.00 Total x2 $638.00 Manager Guardian 4.0 Manager no costTotal Software cost for Scenario 1, Total: $38,472.00 The RFP
Vendor responses:
|
|
|
|
Firewall RFP
See what the vendors are responding to. Includes links to all the RFP responses.
Review: Firewalls
Raptor Firewall 6.0 takes top honors in our testing. Network World, 7/19/99.
Issues and trends
Where the firewall market is headed and what to look for. Network World, 7/19/99.
Interactive buyer's guide
Detailed specs on 52 models. Find the one that meets your criteria or compare two or more models on different specs.
Forum: Firewalls
Post your firewalls questions and discuss their use in this forum.
Firewalls to the rescue
Interviews with firewall users. Network World Fusion, 7/19/99.
