I need to protect about 80 servers from certain attacks some of them are being victim of. Altogether, these servers use about 200Mbps being almost all of them webservers. The last time, one of them was a victim of a DDoS attack which made all the rest get some packet loss (because this attack was consuming all the bandwidth we had available).
I was looking at Juniper solutions, however I get a bit confused with all the products they have to offer. First, I was looking at IDP series, but they seem a bit pricey and I believe I don´t need all those IDP functions those devices are capable of. NetScreen is also too expensive for me. I´m looking at a budget of 10.000$ aprox.
I found SRX series and after taking a look at SRX240 and SRX650 specs [url] those firewall numbers seem very nice and perfect for my problem. Would this be a wise choice? This device would act also as the main router for our racks. Please let me know if there are other recommendations that fit the specified budget (10K).
Can anyone give any real world numbers as to what each model of the Juniper-J series router is capable of? How much do these routers cost, and where is the best place to get them from?
Does anyone have any experience running Juniper SSG-550 firewalls in a high-traffic hosting environment?
I run network operations for a hosting provider in Australia. We currently have two J4350s running as border routers, and we are looking at putting two Juniper SSG-550s behind the border routers to do stateful firewalling / NAT.
We'll be using active/active NSRP on the SSGs for load balancing and failover.
My concern is that these devices may not be able to handle our traffic load. They have a hard-set limit of 256,000 "concurrent sessions" which may not be enough for us in peak times. Almost all of our traffic is HTTP though, so I would imagine sessions would timeout quite quickly?
In one of our racks, we now just have two Procurve (J4900B) switches, and run software firewalls on our CentOS servers. We are now looking towards a hardware firewall to ease managment and reduce load on our servers.
One of our suppliers reccomends the SSG140 from Juniper, and it seems to cover our needs. The SSG320 however seems to have more features, like layer3 routing. Could this device replace our Procurve switches, and act as a firewall/switch?
Anyone familiar with these devices and have some input on what to choose? How does the anti-ddos and bruteforce attack functions work out, do they hold up? Anyone tested the Deep Inpspection Signature module? Is it worth having for a ISP/Webhost?
I've been reading and searching on here as much as I can to try to help me in making a decision, unfortunately when I think I know what to do, I read something else and get confused again.
We are in the process of moving networks within our datacenter and will have 2 drops coming into our half-cabinet. We have about 7 servers in there, some for our own use and some for clients. In all cases, we manage the servers and are the only ones with root access (no need for VLANs for the purpose of protecting IPs etc).
We currently have a single drop and use an HP procurve 2524 layer2 switch that has been in there for over 6 years and never had a single hiccup. We also don't push much traffic at all though. Under 5mbps combined.
My question though is this: moving to the new network we will have 2 drops that are set up as HSRP on their end (upstream of me, I don't have to worry about having two switches). In order to use the dual feeds, we will need a Layer3 switch. One feed will be active, the other is not, both are connected to the switch via a VLAN and provide a gateway for VLAN2 to use. I have never used a layer3 switch, though I'm not *too* concerned since I don't expect we'll be doing anything too complex. My understanding is that one VLAN (VLAN1) will be set up with an IP address assigned to each drop and that VLAN1 will create a gateway for VLAN2. The second VLAN (VLAN2) will be all our "inside" client IPs that will then route through VLAN1.
I was briefly checking out the cisco 3750, but I think it's overkill...? I don't want to spend too much money, since I don't think we need any complex setups, at the same time, I don't want to waste money by buying something that won't work efficiently down the road.
My immediate short-list is now an HP procurve 2610, an HP procurve 3500 J9470A (not the YL), and a Cisco 3560 24-TS.
Of course, then someone mentioned Juniper (whom I have zero experience with either) and hence the title to my thread... I'm thoroughly confused. I was looking at the EX3200-24T.
Ok, so if I have to boil this down to some simple requirements/thoughts... here goes:
1. I only need 24 ports for now.
2. I use SNMP currently to monitor usage for clients (and overall)
3. I like HPs and have used them for layer2, I like their lifetime warranty and software availability
4. I don't have direct experience with Cisco at all.
5. Aside from routing from one VLAN (provider side) to another VLAN (my side), I don't think I need any other special features (hence the hp 2610 being ok I think, since it offers "lite layer3")
6. Some people say HP is great for layer2 but not for layer3? Now I dont' know what to think.
7. Currently use about 2mbps and might jump to 3 or 4mbps, but don't have major needs. I'd like for this switch to be able to last me a while though... so maybe 20~40mbps+? (but still not the hundreds of mbps that others here push
8. If possible, I'd LIKE to limit some servers to 1mbps or 2mbps on a per-port basis... but this is not a hard requirement. (I think this takes the 2610 out).
Budget: I like the $500 price tag of the 2610, but can spend the $1500~$2000 for the HP 3500, Cisco 3560, or Juniper. I would just rather not, if the price/features are not justifiable.
Hopefully I've provided enough information for someone to offer their insight? I think a few strategic key points or questions from someone with more experience might be what I need to help me bust through the "too many choices" fog and end up with the best switch for my situation...
I am tried of not finding a good documentation on now to configure netscreen-25 firewall.
This is the current setup;
Ethernet Drop -> Netscreen (connected via straight RJ-45)
NetScreen -> Switch (Connected via cross-over cable)
This is the what I want to be able to do...
I am assigned a 76.36.57.32/27 subnet Netmask 255.255.255.224 Gateway 76.36.57.33
1) Make Netscreen accessible via IP 76.36.57.34 for remote management.
2) I dont want netscreen to assign IPs for my wired devices because I've already set all their IPs and those are the ones I want to use.
Now, I did read the manual [url] and went to Network -> Interfaces -> Ethernet 1 Trust *edit* and in the "IP address" box I typed 76.36.57.34 and netmask "/27".
In the "Manage IP" box, I typed 76.36.57.39/27 according to the manual.
After doing all that, I cant access any of my "wired" devices behind firewall and neither can I access the firewall itself with the IP I assigned.
we have this Juniper SSG5 firewall, our very first Juniper and wanted to use it.
While I am able to use it in NAT mode, I have been unsuccessful to use it in route mode.
We have Public IPs from the same segment and I wanted to use it with the firewall but it appears that I can't assign IPs for each port if the IP is from the same segment.
Does it mean that we can't use it other than in NAT mode?
What we want to accomplish is to have one of IPs to act as gateway and filter or route in/out traffic to/from our other IPs.
I've been looking at these two Firewalls for a quite some time and I am not sure which one I should go with. Price is not a factor since both are around the same price range.
The firewall is going to be in between my DROP and LAYER3 Switch.
So...FastE -> Firewall -> Layer3
As you can see, I dont want any fancy VLAN stuff or anything like that since my switch can take care of all that. I just want a firewall which is easy to configure and manage and has DDoS protection built-in.
If you have any other hardware based firewalls in the price range of ASA 5505 and Netscreen 5GT then I would want to hear about those as well.
I have a SSG-320M I manage, and would like to know if I can block traffic to our web servers based on the user agent hitting us? I know user agents that keep using more and more IP addresses to crawl us, one already taking up some 30 or 40 addresses under my policies and its a pain to identify these by hand and keep updating the firewall every few days to add new IP addresses for them. Is there somewhere I can add part of the user agent I do not want to ever see again? Right now I do this by having a policy at the top saying "BadBotsGroup" is denied. But I want to deny anyone with a user agent "OneUserAgent" or "SecondUserAgent"
It seems so important and simple, but I do not see anything about being able to do this. Thanks for help and pointers. Right now we have special code at the top of our sites that blocks these bots, but I would much rather do it in one location at the firewall.
Looking to upgrade to a new switch and have the following in mind. Budget is around 1-2k. We're pushing 500mbps upstream so i want to make sure that the unit can handle that well. Lots of full speed traffic between servers too.
No fancy features required, and the only need is port trunking, which all of these have.
I look at the specs for latency and pps, but I'm not sure if you can trust these figures.
Anyone have experience with the following.
HP Procurve 2910al-24 $1430 latency <2.9us 131 Mpps 176 Gbps Bonus: 10Gb capability with expansion module
to build a new 10GE network and have received offers from Juniper and Cisco distributors.
Juniper seems to be a bit more expensive. It was our first choice at the beginning untill we saw many big ISP's using cisco 6509 with SUP720-3BXL for routing.
Is there anyone with experience on both products? How about support for both of these?
Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and setup to there optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking linux); in our opinion we see it as an extra administration overhead. If this is however untrue, we will change out thinking.
I've found a dedicated server at a great price and plan to stick with it, my first ( already have 2 vps accounts ). I don't have the money for a hardware firewall. However, I do have a chance to renew a Kerio WinRoute Firewall license from way back.
Does anyone think this would be better than the default windows 2003 firewall?
Im using the latest cPanel release. Using Pure-FTPD as the ftp server. I have CSF Firewall installed and configured and have also got [url]installed. on the dos deflate software ive set the ban limit to 250 connections.
But what my problem is that while downloading on ftp clients with internet that can download very fast that it will ban them. Ive kinda realised that it is to do with the DDos software but im unsure what i should do. Increase the limit of connections but that would mean that more minor Ddos attacks might get through so that would affect more clients. Or leave the limit at 250 and let clients get blocked for 20 minutes.
Or alternatively is there a way i can stop people getting banned via FTP completly. As i dont see that option on the Ddos or csf.
secure a LAN network with 200 computers, a specific hardware solution (like CISCO PIX or so) might not be available.
Though, I'm considering a Firewall OS based Solution like pfSense, m0n0wall, eBox, Endian Firewall, SmoothWall, etc.
There are so many options and I have no experience with none of this. My Requirements are:
Web based configuration Clean Interface with graphic statistics Pretty Secure Good hardware support Free usage Simple configuration Support for high bandwidth usage
I think OpenBSD is pretty secure, is there any OpenBSD Firewall OS solution with this requirements?
know of any hardware firewall (or suggest) which is under 300 USD and can protect around 5 servers with a total bandwidth capacity of 100 (+/-) Mbps. I am really no security expert
Of course, it should have web based management, online documentation (not really needed) and something special for prevent DoS attacks automatically (really fed up of them).
If possible if you can link me directly to an online store that can ship it Internationally / Europe?
I was having attacks so I installed CSF firewall which did a great job. However on a few of my sites, specifically proxy ones, every second or third page you visit will be a 403 Forbidden error. After about 20-30 seconds, you can refresh and it goes away. I suspect CSF is causing this, because it just started to happen after I installed it. Is it thinking there are too many connections or too much bandwidth and its blocking me or other users just using the proxy? Is there a way to make it slightly more tolerant?
I am a non technical type that is trying to start a web based business. I am thnking a dedicated server will be the best option for me but as I looked at the quotes from several different web hosts I noticed that the firewall services that they provide are very expensive. 100$ a month - 150$ a month.
Are there other firewall options that can be installed on the server that we as administrators can install and use?
I have had a fair few hack attempts from ip numbers that are on the same provider ;telewest' that i am on - is there anyway of getting this takne further other than contacting isp?
Jun 9 21:49:04 mark-scorfields-computer ipfw: 12190 Deny TCP 122.24.44.198:2426 82.39.142.27:135 in via en0 Jun 9 21:49:04 mark-scorfields-computer ipfw: 12190 Deny TCP 122.24.44.198:2426 82.39.142.27:135 in via en0 Jun 9 21:49:04 mark-scorfields-computer ipfw: 12190 Deny TCP 122.24.44.198:2426 82.39.142.27:135 in via en0 Jun 9 21:49:08 mark-scorfields-computer ipfw: 12190 Deny TCP 211.75.135.2:2261 82.39.142.27:135 in via en0 Jun 9 21:49:08 mark-scorfields-computer ipfw: 12190 Deny TCP 211.75.135.2:2261 82.39.142.27:135 in via en0 Jun 9 21:49:08 mark-scorfields-computer ipfw: 12190 Deny TCP 211.75.135.2:2261 82.39.142.27:135 in via en0 Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1026 in via en0 Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1026 in via en0 Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1026 in via en0 Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1027 in via en0 Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1027 in via en0 Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1027 in via en0 Jun 9 21:50:36 mark-scorfields-computer ipfw: 12190 Deny TCP 121.34.113.29:27207 82.39.142.27:135 in via en0 Jun 9 21:50:36 mark-scorfields-computer ipfw: 12190 Deny TCP 121.34.113.29:27207 82.39.142.27:135 in via en0 Jun 9 21:50:36 mark-scorfields-computer ipfw: 12190 Deny TCP 121.34.113.29:27207 82.39.142.27:135 in via en0 Jun 9 21:59:38 mark-scorfields-computer ipfw: 12190 Deny TCP 58.221.225.230:4151 82.39.142.27:135 in via en0 Jun 9 21:59:38 mark-scorfields-computer ipfw: 12190 Deny TCP 58.221.225.230:4151 82.39.142.27:135 in via en0 Jun 9 21:59:38 mark-scorfields-computer ipfw: 12190 Deny TCP 58.221.225.230:4151 82.39.142.27:135 in via en0 Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1027 in via en0 Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1027 in via en0 Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1027 in via en0 Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1026 in via en0 Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1026 in via en0 Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1026 in via en0 Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1026 in via en0 Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1026 in via en0 Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1026 in via en0 Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1027 in via en0 Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1027 in via en0 Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1027 in via en0 Jun 9 22:03:45 mark-scorfields-computer ipfw: 12190 Deny TCP 125.195.44.229:2212 82.39.142.27:135 in via en0 Jun 9 22:03:45 mark-scorfields-computer ipfw: 12190 Deny TCP 125.195.44.229:2212 82.39.142.27:135 in via en0 Jun 9 22:03:45 mark-scorfields-computer ipfw: 12190 Deny TCP 125.195.44.229:2212 82.39.142.27:135 in via en0 Jun 9 22:03:48 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0 Jun 9 22:03:48 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0 Jun 9 22:03:48 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0 Jun 9 22:03:51 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0 Jun 9 22:03:51 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628
Lately one of my servers have been getting syn floods and ddos attacks (repeatedly for the last 2 weeks). The attacks are not as bad as they were the last 2 weeks, but my software firewall (iptables and csf) is not doing the job anymore. It can't handle such large attacks.
I picked up a netgear firewall, but it has dhcp and lan, which made it have no use to me. All my servers are on static ips, so I would be unable to use a lan.
Is there a firewall available which would allow me to setup something like this (Server 1 is the one getting attacked):
Internet ---> Firewall ---> 48 Port Switch ---> Server 1, Server 2, and so on
or
Internet ---> 48 Port Switch ---> Firewall ---> Server 1 Other servers come off the Switch
I saw the Cisco Pix on ebay, but am not sure of all the features it holds. I basically need a firewall without any lan capaibilites, no routing, just a plain firewall that will protect from DDoS and Syn Floods (if possible, also email me the logs). Also needs to push up to 20Mbps (100Mbps would be best though).
I looked into m0n0wall and pfsense, but their software didn't make any sense to me. I tried setting it up on a PIII 700Mhz with 768MB Ram but never got the webConfig to work.
Price is not a huge issue, I just need these attacks to end. any suggestions on software firewalls let me know.
I have a client who requires a firewall with VPN support. He will be utilizing around 10mbit of traffic at most. What would be a suggested firewall to go with that would properly handle vpn?
