Anyone got multiple VPN's on Raptor
#1
Scooby Regular
Thread Starter
Join Date: May 2001
Location: Scotland
Posts: 4,580
We got a Raptor 6.5_3 Firewall running Solaris, need to set up VPN Raptor mobile on it, but been told (by a salesman no less) that running this on a firewall that's also used for http/smtp and web hosting is going to seriously cack performance and we need a VPN appliance to connect to.
Is this true? I've also been told high bandwidth VPN connections are going to whack resources and affect throughput of other services.
Cheers
John
#2
Don't knock salesmen, a lot of us have done the techie stuff already.
Take a look at what the firewall is doing in its current guise - it's running a rulebase that is probably doing packet filtering, and some stateful inspection of one sort or another. If you then go and run multiple VPN tunnels on it, the processor will be tied up with encryption/decryption - lots of maths, so yes, your website will suffer from performance loss.
Depending on how much bandwidth you have currently, and your available cash, I would recommend one of the following.
1. Buy a beefier access router - something with plenty of memory, and buy the firewall feature set for the router (assuming you are using Cisco - you'll really need a 3640 with 256MB RAM and a VPN accelerator card for a 2Mbps line). You can then use the IPSEC client software on your remote users' PCs.
2. Buy a proper VPN service from a decent supplier - Cable & Wireless does a good one based on Nortel routers - these are designed for high speed encryption, or UUNET (WorldCom) who run a system based on Xedia boxes - both are good and proven, and both companies provide the relevant client software.
From a security point of view, I would be shot if I advised one of my customers to run a remote access VPN on the same firewall protecting a corporate website.
Dim Salesman.
#3
Scooby Regular
Thread Starter
Thanks Jim
Not got anything against sales bods, just a bit annoyed by the fact that we were sold this f/wall (before I joined the company) on the instruction that it would be capable and deliver our need for multiple VPN connections... now when it comes to doing this we are told (by the same salesman) that he doesn't recommend it.
See where I'm coming from?
As we deal with both C+W and Worldcom I'll have a look at what they have to offer.
Cheers
John
#4
Scooby Regular
Join Date: Oct 2000
Location: Surrey, UK
Posts: 8,384
BTN in Wokingham seem to have a very good understanding of VPN solutions using Raptor f/w, I've worked with them before, give them a call on 01189-361810, I believe Peter Leeke or Jason Foster there would be able to put you in touch with someone who can help you.
If you speak to Jason, tell him DrEvil sent you, they all saw my P1 with the stickers
Alex
#5
Yep, BTN would be a good solution - they are v. good at multi-tier firewalls and intrusion detection - still, don't use the same firewall for your VPN - security issue.
BTW, BTN are owned by C&W - that's who I work for!
J