If I wanted to build and colo a Win2K box at a facility like affordablecolo.com, how do I go about firewalling that machine? I've always run my own datacenters so rackspace costs were not an issue and I just put up a switch and a firewall box in front of the server.

So if the money is coming out of my own pocket and I want to keep everything in a 1U space, how do I firewall that Win2K machine?

Charles, (Affordablecolo.com) may be able to offer you a firewall solution for a small monthly fee. I'm sure he will see this post, if not drop them an email and ask, most colo's can do this for you.

Rackmy.com also frequents this forum and I am pretty sure they do Win2K boxes and colo service.

You could always go with a software firewall such as Tiny or for a better solutions go with a Netscreen 5 (depending on the amount of traffic) which is very small (1.25"x 6"x5") and should fit in fine with your server.

i believe the old company i worked for had tiny on the win2k server. it was pretty good from what i would overhear the tech guys saying. if you couldn't go with a hardware firewall that is. but, yeah, i'll leave that up to the pros to answer in more detail.

I guess the most important question is, what are you trying to accompolish with the firewall? If it is port blocking, or logging, you can do that simply by securing your Windows installation (I am sure there are tutorials about how to do this on the web). If you are looking for more advanced features, then you would either need to see if AC has a managed firewall solution, or if you would be able to slide a device, like a netscreen, into the rack as well.

FWIW: I don't particularly like the idea of running a firewall on the server you are trying to protect. Security works best when it is done using a layered approach, and if you put the firewall on the server, you have collapsed two of those layers. Of course keep in mind that IANASC.

Originally posted by RackMy.com
You could always go with a software firewall such as Tiny or for a better solutions go with a Netscreen 5 (depending on the amount of traffic) which is very small (1.25"x 6"x5") and should fit in fine with your server.

I can't afford a brand new netscreen but is a 3 year old netscreen work $2500? The person gave me the serial number of the netscreen 100a 0a98 0003

The case is more or a grey color. I think the newer ones are blue.

Originally posted by ClusterMania

I can't afford a brand new netscreen but is a 3 year old netscreen work $2500? The person gave me the serial number of the netscreen 100a 0a98 0003


That's a little high, but the 100s seem to be going to for about $2K on ebay. Look at a 5 or 10 model instead:

http://search.ebay.com/search/search.dll?MfcISAPICommand=GetResult&ht=1&SortProperty=MetaEndSort&query=netscreen

That's a little high, but the 100s seem to be going to for about $2K on ebay. Look at a 5 or 10 model insteadThe choice of Netscreens depends on the amount of traffic you are going to push. The models vary by the amount of concurrent TCP sessions you can have (the nice things is that all netscreen's run the same OS).

NS 5 - 2000 concurrent sessions
NS 10 - I think 6000 concurrent sessions
NS 100 - 128,000 concurrent sessions

Originally posted by RackMy.com

(the nice things is that all netscreen's run the same OS).


The downside is that they have some of the most messed up ads I have ever seen (like the one with the scorpion and its larvae, yuck)

I have never seen them, LOL :)

Originally posted by RackMy.com
I have never seen them, LOL :)

They used to run in InterActive Week, etc, I'll have to see if I can dig one up and scan it in...

Nevermind, someone did it for me (PDF File):

http://www.netscreen.com/aboutus/pdf/Scorp2p2.pdf

Originally posted by uuallan
Nevermind, someone did it for me (PDF File):

http://www.netscreen.com/aboutus/pdf/Scorp2p2.pdf


Nasty! I suppose it would catch your attention, but I would want to turn the page right afterwards, yuck!

In an installation where rack space isn't an issue (read: at work) we've had some good success with the Cisco PIX 506 which can be had for around $1,400 new. We currently have one site running over 3 million page views per month through a PIX 506 with no problems.

Now, since I was asking for a personal set up, $1,400 for a firewall is not an option! :)

Yep, the PIX is very nice but I still like the ease of use with the Netscreen. Surprisingly, I do think the PIX may be cheaper thought!

RackMy:

PIX is tougher because it has a command-line interface rather than a GUI. If you're familiar with configuring Cisco routers, the PIX is a piece of cake. However, I was told by a consultant that we work with (just yesterday, as a matter of fact) that he has a BIN file you can load on the PIX that gives it a GUI!

GUIs are for suckers :). Command lines rule :). Seriously, I have been configuring Cisco stuff from the command line for so long that the one time I tried to do a switch configuration from the web interface it took me about 5 times as long.

Actually I have worked on both and still think the Netscreen is a whole lot easier :) We don't use the web GUI on the Netscreens, rather out-of-bandwidth console (command line). I do have to say we have several customers who run Netscreens and LOVE the GUI.

uuallan, I agree most GUIs are clumbsy but there are a few good ones out there

Originally posted by RackMy.com
Actually I have worked on both and still think the Netscreen is a whole lot easier :) We don't use the web GUI on the Netscreens, rather out-of-bandwidth console (command line). I do have to say we have several customers who run Netscreens and LOVE the GUI.

uuallan, I agree most GUIs are clumbsy but there are a few good ones out there

RackMy, have you worked with the older Netscreen 100a? I think the case is grey and I was told it's not upgradable. Is it much less powerful than the ones with the blue case?

Heres the link
http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=1318235484

"I can't afford a brand new netscreen but is a 3 year old netscreen worth $2500? The person gave me the serial number of the netscreen 100a 0a98 0003

The case is more of a grey color. I think the newer ones are blue."

Yep, I don't think you can upgrade the old 100a. I would stay way from ebay on those as they go for way to much. For example I just checked with a couple of people and these are some deals I have seen over the last couple of weeks:

We have the following new factory sealed NetScreen systems at 70% off list:
(2) NetScreen 1000 at $18,000. each
We have the following new open box NetScreen systems at 70% off list:
(2) NetScreen 100 at $2390. Each.We have (2) NS 100s in stock and can overnight for you at $3500 3 - Netscreen 100's Brand New, Unopened - $3400 each

Originally posted by RackMy.com
Yep, I don't think you can upgrade the old 100a. I would stay way from ebay on those as they go for way to much. For example I just checked with a couple of people and these are some deals I have seen over the last couple of weeks:




Hmm, I must be blind cause I can't find such good deals. Do you remember the links? Thanks