Using Windows as Firewall

  • Thread starter: Wayne

Wayne

Hi

I plan to implement a basic Windows computer as a
firewall. It will have two NICs. Also, Checkpoint
Firewall-1 software will be installed on this machine. The
T-1 connection will be plugged into our Cisco 1721 router.
The router will be connected to some switch. The Firewall
machine will also be connected to the switch, along with
company workstations. We run a Windows environment.

My question is: What flavor of Windows should I or do I
need to install on the Firewall machine? Will Windows 2000
Professional work just fine? Or do I need Server Standard
Edition? Maybe Windows XP would be even better?

We'll be buying a new machine to serve as the Firewall
since we don't have any spare machines lying around. Do
you have any recommendations for hardware (memory, NIC
brands, etc.)? We are a small business with 10-20 users;
not much bandwidth or hardware resources being used. But
once or so each week we will transfer very large files,
totaling about 800 MB - 1 GB.
 
Agreed.

Even better, I personally would really consider buying a firewall appliance
instead, fewer moving parts for more reliability, cheaper, fewer unnecessary
services and fewer patches requiring reboots. www.netscreen.com
introductory firewall starting around $550 US comes with well-rated VPN,
bandwidth shaping, content filtering, reporting, and a bunch of other
features that cost lots of extra $$ from Checkpoint. If you really wanted
Checkpoint, there are Checkpoint appliances such as www.intrusion.com and
www.nokia.com starting around $600 to $1000. In the past, Checkpoint on
Windows has had some speed problems that become visible on busy network
connections, and may never be as fast as Checkpoint on other OSes.
[Checkpoint support is also pricey and costs extra, even to get into their
self-help knowledge base.]

Also, if you have to ask these questions, then you really want to hire a
trusted security expert. A firewall's security depends entirely on how well
it is configured, and one mistake can be your undoing.

There are even respected free firewalls that boot off of a boot CD and run
on an old 486 computer you might consider:

http://securityadmin.info/faq.htm#firewall
 
Thanks for your response. I initially wanted to go with a
firewall appliance because of the benefits you've
suggested. However, the VP at the office is the one who
makes the decision; I can only make a recommendation.

His argument is that our network should mimic our client's
network as much as possible.

Also, this is a very small company; they would not even
begin to consider paying for a security expert to consult
with them on this matter.

Most of my recommendations go ignored or denied so I'm
likely going to need to install the Checkpoint software on
a Windows 2000 Server with two NICs.

Oh well...just means more work (money) for me.
