KarmaPoliceSTL
Hey all, so I've been tabbed with setting up a small office network... I'll be the first to admit I'm not super savvy on the networking side of things, more of a server/VMware/DB guy by training... but I'm eager to learn, and there aren't many others here that can help me...
Anyway, wanted your feedback on the following idea...
Requirements:
- Host web applications for up to 300 users
- Host internal applications for up to 100 users
- Have VPN capabilities to the internal applications (I'm preferring SSL VPN, I think) with up to 50 concurrent connections
- FIPS level encryption of anything web -> dmz and the vpn
- Intrusion Detection, AV, AntiSpam, Filtering
- ~3 application servers in DMZ (moderately virtualized) (expanding to 2-3x over 5 years)
- ~5 application servers internally (moderately virtualized) (expanding to 2-3x over 5 years)
- Expandable NAS array on internal
- Backup for DMZ & internal servers
- WiFi access at our office to internal network
What I'm thinking (let me know if I'm even in the right class for this stuff):
Web-DMZ Firewall - Juniper SSG5
DMZ-Internal Firewall - Juniper SSG5
SSL VPN - Juniper SA4500 FIPS
Edge Router - Juniper SRX100 (w/ AV, IDPS, AS, WF)
DMZ Switch - Cisco SG300-20 (already owned)
Internal Switch - Juniper EX4200 48T (maybe 2x)
WiFi - TBD... this is where I'm really clueless, but need it to be very secure.
Things I'm curious about...
Anyone know of a cheaper FIPS compliant SSL VPN? 12k is a little more than I want to pay... especially since the non-FIPS version is only 4k...
Going to go do some browsing on here now about office WiFi, but any help there would be greatly appreciated. Have a ~3000 sq ft office, with a central reception/elevator area, but otherwise open floor basically. Also, what are some of the better WiFi security options?
Do I need the Web-DMZ firewall? Or will the SRX100 do basically the job of both?
What am I missing? (Should I get an NTP device? Others?)