# Firewall implementation



## uthayanathan (Jul 20, 2015)

Hi,
I am working as a system engineer in IT an company. In my company i need to implement firewall security.but i don't have knowledge about firewall implementation.

In our company we use four gateway and use around 60-70 systems.
four gateway like(192.168.1.211 , 212 ,213 and 214).

Kindly tell me what are the requirements and steps for implementation.



thanks,
udhayakumar


----------



## MitchConner (May 8, 2015)

What sort of security do you need to implement mate? What does your current network look like?


----------



## uthayanathan (Jul 20, 2015)

Hi,

thanks for your reply conner..

I attached my network infra with this...

I need to implement, 
1)Block unwanted downloading (films,songs.etc from torrentz).
2)We have lot of malwares in office. i have to find and remove. also to secure from future attacks.
3)Block unwanted sites.
4)Load balancing.


kindly help me for this. thanks..

http://i62.tinypic.com/35bf4gm.jpg


----------



## MitchConner (May 8, 2015)

What's your budget mate for this project mate?


----------



## uthayanathan (Jul 20, 2015)

Maximum 50$. We have decide to implement software firewall.Is any free open source firewall..


----------



## MitchConner (May 8, 2015)

Pfsense is open source mate:

http://pfsense.org


----------



## uthayanathan (Jul 20, 2015)

oh...thanks... can you pls give some plans as per my network infra. and also installation and configuration tips.


----------



## MitchConner (May 8, 2015)

I'll need some more info about your network first mate 

Are your switches all layer 2, or is there a layer 3 switch in there (or the ability to get an IOS for your switch)? 
Can you list your switch models please?
Do you absolutely need 4 internet links for the office?
Do you have the resources available to build a server to run pfsense (or some variant)?


----------



## uthayanathan (Jul 20, 2015)

Hi.. mate
We are using layer 2 switch. (totally 4)
Switch model is D-link DES -1024D.
Absolutely we need 4 internet link.
What kind of resource is need to build server?
Can you tell how to get IOS for switch.


----------



## Vikaram (Jul 1, 2015)

three ways to ensure that the implementation of your firewall is successful: 

from 3 Simple Steps to Implementing a Firewall Solution


> Define security needs: Before installing a firewall solution, it is helpful to first define exactly the level of security necessary for your organization. First, examine any existing solutions and note what currently works, what doesn’t work, and what areas need to be improved. Next, ask the IT department for information about data transactions within your company's network – where are the weak links and what are the most sensitive areas needing protection. Also determine all points of access that need to be secured using endpoint protection. Finally, because it is likely that there won’t be one solution to meet all your needs, prioritize the list in terms of critical and non-critical, and include budgetary constraints. A well-thought out and detailed internal specification will pave the way to finding a firewall solution that meets your business’s needs.
> Research solutions that match the specified needs: Only once a business has defined what it needs from a firewall/managed security service can the process of researching solutions begin. In addition to services, make sure to research every potential IT provider's longevity in the business, history of servicing clients, and their all-around stability. Choose a vendor who has a reputation for providing quality and efficient service.
> Installation, configuration, and maintenance of the firewalls: Once a vendor has been chosen, the final step in setting up your firewall is the actual implementation. The IT provider you have chosen will install the solution in your environment, covering all of the areas you deemed necessary in your easrlier assessment. Post-installation, the firewall will be maintained and upgraded with both manual and automatic updates. Feedback should be provided on a consistent basis to ensure that the firewall is performing as expected.


----------



## uthayanathan (Jul 20, 2015)

Thank you.. vikaram...


----------



## MitchConner (May 8, 2015)

uthayanathan said:


> Hi.. mate
> We are using layer 2 switch. (totally 4)
> Switch model is D-link DES -1024D.
> Absolutely we need 4 internet link.
> ...


Hi mate,

You'll need to have a Cisco CCO account to get images (some of them), advanced images would require a smartnet contract.

You'll need to have a physical desktop or server (or spare resources in a virtual environment) to build the pfsense firewall. I don't know if pfsense comes with any sort of IPS for blocking malicious traffic so you'll either need to increase your budget or use a free anti-virus on all your workstations. Alternatively, you could run something like Snort on the same machine for IPS/IDS.


----------

