Firewall Wizards mailing list archives
medical records, web server, & stateful firewall vs packet filter
From: "Adam Greene" <maillist () webjogger net>
Date: Mon, 7 Nov 2005 09:31:21 -0500
Hi, Looking for opinions about the following situation: Our customer runs a medical imaging service. There are three components: web server, image server and SQL server. The web server needs to be publically accessible over the Internet. The web server needs to be able to access the image and SQL servers directly (the image server link in particular needs to be >1Gbps because the images are so large). The image and SQL servers need to be accessible from the Internet only via VPN. My plan so far is to bond multiple 1Gbps NIC's on the web and image servers and connect them via etherchannel on a Cisco 3750. The 3750 would act as a packet filter between the servers. The SQL server would attach to that too. Then I would set a Cisco ASA 5510 between the 3750 and the Internet, to terminate VPN connections as well as provide stateful firewall and maybe some application filtering services for the webserver. My question at this point is: am I making a mistake by placing a stateful firewall between the webserver and the Internet? Maybe a simple packet filter would be less prone to DoS attacks. I could stick a Cisco 2800 there instead. I have always believed that a stateful firewall device like a PIX or ASA 5500 would offer better overall protection than a packet filter (I need to limit access to the image and SQL servers too), but some feedback I've received recently is causing me to question this assumption. Anyone care to point me in the right direction? TIA, Adam [p.s. tried posting this on 11/3; not sure why it didn't go through...] --- [This e-mail was scanned for viruses by Webjogger's AntiVirus Protection System] _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- medical records, web server, & stateful firewall vs packet filter Adam Greene (Nov 10)
- RE: medical records, web server, & stateful firewall vs packet filter Paul Melson (Nov 17)
- Re: medical records, web server, & stateful firewall vs packet filter Adam Greene (Nov 22)
- RE: medical records, web server, & stateful firewall vs packet filter Paul Melson (Nov 17)