Firewall and ICS Question

[Dave Dude]

I work for a company that in the past has always used ics
to share the internet on small LAN's. Some of our clients
are asking for a true firewall (linksys, 3com). My boss
insists that it's "best" to hook the modem to the
firewall, and then the firewall to the first NIC on the
server, the second NIC then runs to the switch with ICS
still enabled. Half the time this doesn't work at all, if
it does work then things like pc anywhere don't. I have
always set the the firewall to connect to the switch or
hub. Everything works perfectly. Since he has a couple
years more experience than me he refuses to beleive
anything i have said about this. Can anyone else shed
some light on this?

 

[Steven L Umbach]

Nonsense. There was a point in time where ICS was useful for small networks,
but that is long past since the advent of affordable internet
applicances/firewalls. Performance and reliability will be much better NOT
using ICS and you will have much more flexability by being able to use the
firewall to also controll outbound access to varying degrees for different
computers based on ip address which will INCREASE security, not to mention
the ability for increased logging on where trafffic is going to and from the
network. I would try to advise clients not to use the cheapest device.
Netgear makes a very affordable line of ProSafe nat/firewalls that are true
SPI firewalls and can be purchased for as little as $80. --- Steve

http://www.netgear.com/products/prod_details.asp?prodID=140&view=