[zorp] good setup
Fri, 26 Oct 2001 15:59:15 +0200
On Mon, Oct 22, 2001 at 07:04:54AM +0200, Torsten Curdt wrote:
> I'm about to revise our network setup and I was wondering
> how a good setup with zorp would look like.
> We are a pretty small company. We have about 10 workstations
> and about 4 servers. We are connected with around 1,5 MBit
> and we have about 2-4 GByte/Month of traffic on our firewall right
> Since zorp is an application level proxy firewall the demands
> of machine power are usually a bit higher than for a simple
> ipchains based firewall. I was wondering if an old PII 200 Mhz
> might be enough for our scenario.
It should be enough. Our tests have shown that a P133 is able to saturate a
10Mbit ethernet link provided the number of concurrent sessions are low. A
Memory might be a scarce resource, put as much in as you can (128MB should
> I am also wondering if there are traffic statistics available
> with zorp and how good the IDS is. Maybe snort can be combined
> with zorp?
yes, of course it can be combined. otherwise you might be interested in
*.error log lines emitted by proxies, because they usually indicate protocol
errors in the stream. (to find out log tags assigned with messages use the
-T command line option to Zorp)
> Maybe someone could also spent his 2 cents on the
> following network setups:
> setup 1: internet
> | |
> | +---perimeter net
> setup 2:
> perimeter net with [gateway]
we usually use the #1 scheme, because the most risky environment is the
permiter network (provided you mean a DMZ here), and given it is
compromised, your intranet is still protected.
> Where should a centralized syslog-ng and/or authentication
> server be placed. inside the perimeter net or inside the
> intranet. (inside the intranet would mean to pierce the
> firewall to allow syslog traffic from the perimeter net
> into the intranet)
inside the intranet, syslog is _sensitive_ information, and as such must be
protected by all possible means.
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1