I'm about to revise our network setup and I was wondering how a good setup with zorp would look like. We are a pretty small company. We have about 10 workstations and about 4 servers. We are connected with around 1,5 MBit and we have about 2-4 GByte/Month of traffic on our firewall right now. Since zorp is an application level proxy firewall the demands of machine power are usually a bit higher than for a simple ipchains based firewall. I was wondering if an old PII 200 Mhz might be enough for our scenario. I am also wondering if there are traffic statistics available with zorp and how good the IDS is. Maybe snort can be combined with zorp? Maybe someone could also spent his 2 cents on the following network setups: setup 1: internet | [zorp] | | | +---perimeter net | intranet setup 2: internet | [zorp] | perimeter net with [gateway] | | intranet Where should a centralized syslog-ng and/or authentication server be placed. inside the perimeter net or inside the intranet. (inside the intranet would mean to pierce the firewall to allow syslog traffic from the perimeter net into the intranet) If anyone could share some thoughts or experiences would be great. Thanks -- Torsten