HP3000-L Archives

September 2000, Week 5

HP3000-L@RAVEN.UTC.EDU

From: Jeff Kell <[log in to unmask]>
Reply To: Jeff Kell <[log in to unmask]>
Date: Sat, 30 Sep 2000 15:13:10 -0400

Bill Harris wrote:
>
> If anyone on this distinguished list could help me, I would be
> grateful indeed:
>
> I am looking for recommendations for a secure firewall for our
> network.  We are currently not set up with one.  We have a small
> network, only one (but soon to be two) NT servers plus our HP3000.
> At present only a few of our management team have access to the
> internet over private modems.

How much money do you have to spend?  <grin>  But seriously...

Recommendations depend on your actual or perceived needs.  "Firewall" is
a term being thrown around rather loosely these days.  You need to
examine your requirements in terms of:

* Simple access restrictions (controlling the ability to access
  various services/servers from the Internet) with a "we block all
  but these services" philosophy,
* More complex restrictions to prevent access to sensitive services
  with a "we allow anything except these services" philosophy.

The former is safer and more straightforward, and more suited to a
commercial environment.  The latter is generally found with public
services, educational environments, and ISPs.

Further, are you also wanting higher level filtering such as intrusion
detection, virus scanning, etc?  This complicates matters a great deal.

You can do a great deal of filtering at your Internet router (depending
on what you have).  Using private addressing internally on your LAN and
using NAT at the firewall with static translations for only those
services you want open is surprisingly secure and rather easy to set up.
This is ideal for the "block all but these" philosophy, particularly
when the number of services you want open is small.

A full-fledged firewall might be a bit overkill for your described
environment.

If you'd like me to elaborate drop me a note.

Jeff Kell <[log in to unmask]>
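
The "block all but these" arrangement described in the message above (private addressing on the LAN, NAT at the gateway, static translations only for published services), modelled in Python as an added example that is not part of the original message. All addresses, ports, service assignments and the `NatGateway` class are constructed for illustration, and the reply matching shown is one assumed behaviour; real NAT implementations differ in how strictly they match return traffic.

```python
from ipaddress import ip_address, ip_network

PUBLIC_IP = "203.0.113.10"            # constructed (documentation address range)
LAN = ip_network("192.168.1.0/24")    # constructed private addressing

# Static translations: (proto, public port) -> (internal host, internal port).
# Anything not listed here has no path inward. Entries are constructed.
STATIC_NAT = {
    ("tcp", 25): ("192.168.1.20", 25),   # mail on one internal server
    ("tcp", 80): ("192.168.1.21", 80),   # web on another internal server
}

class NatGateway:
    def __init__(self, public_ip, static_nat):
        self.public_ip = public_ip
        self.static_nat = dict(static_nat)
        self.dynamic = {}        # (proto, public port) -> (lan ip, lan port, peer ip, peer port)
        self.next_port = 40000   # first public port handed out for outbound flows

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """A LAN host connects out: allocate a public port and remember the peer."""
        if ip_address(src_ip) not in LAN:
            raise ValueError("source is not on the LAN")
        public_port = self.next_port
        self.next_port += 1
        self.dynamic[(proto, public_port)] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, public_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Packet from the Internet to the public address.
        Returns the internal (ip, port) it is delivered to, or None if dropped."""
        key = (proto, dst_port)
        if key in self.static_nat:                 # published service
            return self.static_nat[key]
        entry = self.dynamic.get(key)
        if entry and entry[2:] == (src_ip, src_port):
            return entry[:2]                       # reply to a flow a LAN host started
        return None                                # no translation, nowhere to deliver

def exposed_services(gw):
    """The complete inbound attack surface is the static table, nothing else."""
    return sorted(gw.static_nat)

if __name__ == "__main__":
    gw = NatGateway(PUBLIC_IP, STATIC_NAT)
    print("published:", exposed_services(gw))
    print("tcp/25 ->", gw.inbound("tcp", "198.51.100.7", 5555, 25))
    print("tcp/23 ->", gw.inbound("tcp", "198.51.100.7", 5555, 23))
```

An unlisted port such as tcp/23 is dropped without any explicit deny rule, because no translation exists for it; auditing what is reachable from outside reduces to reading the static table.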
