- Posts: 521
- Thank you received: 0
Using a 501 as a router
21 years 2 weeks ago #1688
by tfs
Thanks,
Tom
Replied by tfs on topic Re: Using a 501 as a router
I also agree with the single use for a firewall, except in small offices where you are using a firewall meant to be used as a DSL or Cable router.
The problem is that just because you can do something doesn't mean you should. You should look at the needs and only use what you need.
For example, there is an article the current Infoworld (11/3/03) comparing three firewalls: the WatchGuard Vclass V80 ($9,990), Fortinet FortiGate-500 ($9,995) and the SonicWall Pro 330 ($2,795). The SonicWall performed well against the MUCH more expensive firewalls.
The Fortinet firewall was rated to handle 2000 vpn tunnels, but they could only get 1023 to work. The SonicWall could handle up to 843, but then the tunnels started breaking down. I don't know what the advertised number of tunnels are, but in the case of the Fortinet, obviously, just because it says it can handle that - doesn't mean it can or handle it very well. Also, if you take the VPN tunnels to its limits, how well is it handling its primary responsibilities as a Firewall.
Sahirh: Timeline comes to our theatres on Nov 26th. The trailers look great. I love time movies, so am really looking forward to this one. As you said, the book was great.
The problem is that just because you can do something doesn't mean you should. You should look at the needs and only use what you need.
For example, there is an article the current Infoworld (11/3/03) comparing three firewalls: the WatchGuard Vclass V80 ($9,990), Fortinet FortiGate-500 ($9,995) and the SonicWall Pro 330 ($2,795). The SonicWall performed well against the MUCH more expensive firewalls.
The Fortinet firewall was rated to handle 2000 vpn tunnels, but they could only get 1023 to work. The SonicWall could handle up to 843, but then the tunnels started breaking down. I don't know what the advertised number of tunnels are, but in the case of the Fortinet, obviously, just because it says it can handle that - doesn't mean it can or handle it very well. Also, if you take the VPN tunnels to its limits, how well is it handling its primary responsibilities as a Firewall.
Sahirh: Timeline comes to our theatres on Nov 26th. The trailers look great. I love time movies, so am really looking forward to this one. As you said, the book was great.
Thanks,
Tom
20 years 10 months ago #2448
by sidd
Replied by sidd on topic Using a 501 as a router
Hi,
Using the pix firewall inside interface as a dhcp server you need to give the following commands on the pix firewall.
Following are the commands that you need to give in the PIX firewall config to make it work as a DHCP server for the inside network or hosts.
dhcpd address 10.0.1.101-10.0.1.200 inside
(10.0.1.101-10.0.1.200 inside) => This is the range that we define on the inside interface fo the pix firewall and the machines would get an ip address from this range.
dhcpd dns 64.238.96.12 66.180.96.12
( 64.238.96.12 66.180.96.12 ) => This is the ip address of the DNS servers which are placed at your ISP's end
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
(This command enables the dhcp on the inside interface of the pix firewall)
To make the outside users able to come to your internal servers give the static commands
Incase u have any issues get back to me
Sidd
Using the pix firewall inside interface as a dhcp server you need to give the following commands on the pix firewall.
Following are the commands that you need to give in the PIX firewall config to make it work as a DHCP server for the inside network or hosts.
dhcpd address 10.0.1.101-10.0.1.200 inside
(10.0.1.101-10.0.1.200 inside) => This is the range that we define on the inside interface fo the pix firewall and the machines would get an ip address from this range.
dhcpd dns 64.238.96.12 66.180.96.12
( 64.238.96.12 66.180.96.12 ) => This is the ip address of the DNS servers which are placed at your ISP's end
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
(This command enables the dhcp on the inside interface of the pix firewall)
To make the outside users able to come to your internal servers give the static commands
Incase u have any issues get back to me
Sidd
Time to create page: 0.120 seconds