I hope this is the right place to ask this question; I'm a novice when it comes to networking and I need to ask a basic question about firewalls and routers, which I can't seem to find any answers to anywhere else!
We are a small publishing company (<15 employees) and have around 12 computers on an existing 100 Base-T LAN (5 Macs, and 7 PCs). Until now, we have accessed the internet via dial-up on each individual computer, but we're now looking to get broadband, which we want to share across the network.
I have done a bit of research on routers and firewalls, and selected a couple that I think would do the trick. They are made by D-Link (the reason for selecting this manufacturer is that our existing switches and Wireless Access point are made by them; I know it doesn't matter which manufacturer I use) and I've selected the DSL-502T Router and either the DFL-200 or the DFL-700 Firewall. I'm asking the following questions because after downloading the documentation and reading through it, it doesn't seem to specifically address these basic questions - unless I'm missing something (which could be possible!). The router obviously performs router functions and has a 'firewall' built in (it just seems to mask the IP address, although you can set it up in NAT mode). And the router documentation seems to hint that it does route data around the network, but again, it's not specifically stated.
So my question is this:
If I have a firewall installed, do I still have to have a router? And if I have to have a router, where is it connected? Is it: ADSL Modem - Router - Firewall - LAN, or: Modem - Firewall - Router - LAN?
And how are they connected? Is it as simple as connecting a free port to the LAN via a standard patch cable? Again, the documentation seems to hint at this, but doesn't give specific answers. Some of the routers or firewalls have a built-in 4-port switch, which is useful for being able to create a small network right out of the box. But it doesn't give you any indication of how to connect it to an existing Switch. Do you have to plug it in to a specific port, or will any of the LAN ports do? Or do I need to get a router and/or firewall which only has one LAN port on it?
I've also looked at all of the basic principles and the topology sections of this (excellent) website, but again it lists firewalls and routers as separate items and doesn't show them working together. Does this mean that you don't need the router with the firewall?
I appreciate that these are very basic questions, but I would greatly appreciate any pointers anyone can give to help me get the problem solved before I buy!
You can certainly do what you are aiming to achieve. Just to give you a flavour we have a 1Mb ADSL from BT which we share among a number of users via the LAN.
An ADSL connection is a way of giving you a data connection to the internet over a standard telephone circuit. So you need a 'box' that you plug into the end of the phone line that presents you with the internet feed. The box can incorporate several functions, which is where it can get confusing. Firstly, you must have an ADSL modem which is the bit that actually converts the line signals into a usable internet connection. Some ADSL providers just give you a modem which usually has a USB output. This gives you internet access for a single PC. Other providers give you a box which contains the ADSL modem and a router all in one. The router lets you support multiple PCs off your internet connection. And also you can get, all in a single box, the modem plus a router that has a built-in firewall. Or, alternatively, you can buy these boxes separately and connect them together for the same result.
As you say, some routers (or firewalls) have a built-in switch to make it even easier for you to connect up a limited number of PCs. So your first question really is what is my ADSL provider going to supply me with? A basic modem with USB output is no good to you, you want at minimum a modem/router that gives you at least one RJ45 ethernet output. Then all you'll need is a firewall. Some providers will give you the lot - for example BT can supply the modem, router and firewall in one unit that also has a 4-port ethernet switch built in. That makes it really easy.
So, basically, what you want to do is:
ADSL line--Modem/Router box--Firewall--network switch--multiple PCs
Feel free to come back with more questions!
We're going to get a 512kb line with a fixed IP address from our ISP, but we will supply modem and router. The Router I listed (DSL-502T) has the ADSL modem built into the box, so you just connect it to the LAN; my concern was that we obviously need a firewall, but I didn't want to have to get a router if the firewall will perform that task. And I would rather get a specific firewall, rather than only relying on the built-in firewall of the router (which only appears to have rudimentary firewall facilities).
We have a rack-mounted 16-Port 10/100 switch for our existing network, which has 2 ports free. It is unlikely that we will ever have more than 16 computers networked, and we don't have a lot of traffic on it.
I guess what it comes down to is this: will the firewall perform the task of routing the net traffic to the correct computer on the existing network, without the addition of a specific router to perform that task? I need to know before I buy the hardware as if the firewall will, then I'll just buy an ethernet ADSL modem. If it won't work, then I'll buy the router modem instead. As I've just noted, we aren't a large company so the router wouldn't have a lot of work to do on our small network.
No, you'll need the DSL-502T connected to the ADSL line, then your firewall (e.g. D-Link DFL-600) connected to that. The DFL-600 provides three RJ45 LAN ports, so you connect one of these to a free port on your existing switch. You'll probably need an RJ45 crossover cable to make this connection. You could also use the other two RJ45 ports on the DFL-600 for PCs as well.
I can't comment on the D-Link kit or the suitability of either the DSL-502T or the DFL-600 as I've never used them. I have used Draytek kit to do similar things though and they work great. Suggest your next step is to download the manuals for the kit and have a read to make sure you feel confident with the configuration that will be required. You might also want to contact D-Link and get some pre-sales support.
I've already downloaded all the documentation I can for these products and have ploughed through it prior to asking the question here. I feel sure that I'll be able to work through the setup as they include helpful "Quick installation guides" and have web-based setup wizards to use.
I guess that with the firewall setup, leaving it at the default settings will be ok while I work out what all the features it comes with do?
Yeah, as long as the default behaviour is "let everything originating from the inside (your LAN) out, but block everything originating from the outside (the internet) from coming in". That will let all your users surf but block any unsolicited access from outside. Check the firewall documentation to find out what the default behaviour is.
By the way spiffy, what do you publish down there?
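Added example, not part of the original thread and not D-Link's implementation: a toy Python model of the default policy described in the last reply, showing why replies to LAN-initiated connections get back in while unsolicited inbound packets are dropped. The addresses, ports and class names are constructed for illustration, and NAT is left out to keep the state table readable.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet ARRIVED on: "lan" or "wan"
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

class StatefulFirewall:
    """Default policy: allow LAN-originated flows, drop unsolicited WAN traffic."""

    def __init__(self):
        self.flows = set()  # flows opened from the inside

    def filter(self, pkt):
        if pkt.iface == "lan":
            # Outbound: remember the flow so its replies can be matched later.
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        # Inbound: accept only the exact reverse of a remembered flow.
        # Direction comes from the arrival interface, never from the source
        # address, so a spoofed "inside" source on the WAN side gains nothing.
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ACCEPT" if reverse in self.flows else "DROP"

def run_demo():
    fw = StatefulFirewall()
    traffic = [  # constructed sample packets
        Packet("lan", "192.168.0.10", 50000, "203.0.113.5", 80),   # user browses out
        Packet("wan", "203.0.113.5", 80, "192.168.0.10", 50000),   # server's reply
        Packet("wan", "198.51.100.7", 40000, "192.168.0.10", 445), # unsolicited probe
        Packet("wan", "203.0.113.5", 80, "192.168.0.10", 50001),   # known host, no flow
        Packet("wan", "192.168.0.99", 1234, "192.168.0.10", 445),  # spoofed LAN source
    ]
    return [fw.filter(p) for p in traffic]

if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

A real firewall also expires idle entries and tracks TCP state; what to confirm in the documentation is that the factory policy on the WAN side is "drop unless it matches an existing outbound flow".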