3 simple questions: 'To firewall or not to firewall?'
I'm currently trying to set up a firewall solution for my web servers at ServePath. At the moment I'm not into hardware firewall due to budget constraints.
I've tried using IPSec and RRAS in Windows 2003 as port blockers and managed to do so. However, passive FTP is a problem I couldn't solve. It seems I need to have ranges of ports opened to make this work.
So I'm looking for a software firewall that has these specific features:
1. Little impact on the speed of traffic. My servers are going to have very high traffic and I'd like a software firewall that wouldn't make things slow.
2. Good administration: port ranges, decent configuration of rules, etc.
3. Remote installation. This is important! I know that some of them will block my Remote Desktop as soon as it is installed (Zone Alarm, for example, is one of these). Is there one I can install, configure, and then set as active?
Also, I have one doubt: I'm still thinking of IPSec and RRAS. Basically what they do is port blocking, right? How is that different from software and hardware firewalls? Don't they simply do that, anyway? Why spend the extra $$ on a firewall?
I count on your expertise, folks. Thanks in advance.
Helder.
