GPLib - 3rd time's the charm?
Forum: Visual FoxPro
Category: Third party products
Miscellaneous
Thread ID: 00217421
Message ID: 00219563
Views: 24

One of the problems with the word firewall is that people get the perception that you purchase one piece of software, install it and you are done. A firewall also includes practical ideas. Consider these steps.

1). Purchase O'Reilly's book - Building Firewalls.

2). Set up your ISDN to dial on Demand. This will shut off your presence except when being used. During the times your company is not accessing the internet you have the best firewall possible, no connection. Dial on Demand only adds 7 - 8 seconds to a connect. If someone else or a process has already connected then the following user does not know the difference.

3). Have the IP Address on the Internet side of your P75 issued to you dynamically upon connect from your ISP. No permanent IP Address on the Internet Side. Some ISPs charge 5.00 a month for a permanent IP. This may save you $ 60.00 a year.

4). Purchase an Internal E Mail Post Office that goes out and gets E Mail instead of being up and running waiting for a SMTP to be sent. Set up your pickup schedule such that E Mail quits picking up in the evening and after everyone is done on the weekend. This aids in helping you be only connected to the internet when needed. I sell MDaemon.

5). Set up a Proxy Server so that your internal PCs do not have valid IPs. If you have purchased fixed IPs for all your internal PCs this will further save you money. I sell Wingate. Wingate is not a firewall per se but gives you internal auditing and control for outbound traffic and proxies (Acts On Behalf Of) internal access to external internet. A step in firewalling.

6). Set up what O'Reilly calls a bastion computer. P120 running NT, 32 Meg Ram, 1.2 IDE gig Hard Drive to host the above software. Do not plug this computer into your network hub. Separate this out and connect to a second NIC on your primary server box. Do not set up this box as part of your domain. Especially do not set this box as a BDC if you are running NT. Your User Access files will end up on this box and you do not want that. Change the Administrator name and Password on this box. Set up the bare minimum of services. Only what you need to host Wingate and MDaemon. Be very careful about service packs and hot fixes on this box but keep up with the latest security breach fixes.

7). If you are running Novell in house do not turn on IP on that box; keep it communicating via IPX. Maybe consider only using Netbeui and/or IPX on NT as well.

8). Do not host WWW services for the internet inside of your P75 ISDN Modem. Outsource that to someone like myself or another ISP. This separates your network from your Web Services. If they hack into your www stuff they are hacking into someone else's box, not your network. Service packs and hot fixes continually expose your network to problems with the more internet services you have turned on, on the box that is being accessed by the internet.

Above should cost you no more than $ 1000.00, maybe less depending on what you already have, and offers very very good firewalling. If, after this is up and running, you are still not comfortable, purchase a firewall for a couple of thousand. Do not think that a Firewall piece of software by itself is the silver bullet answer.

>Yes, a firewall that separates a Pipeline 75 (ISDN router) and my network.
>I have 2 subnets, 10.10 inside and 10.11 outside.
>
>On the firewall box I can see both sides.
>
>I have to go.
>
>__Stephen
>
>>Do you have a firewall in mind?
>>
>>What kind of connection do you have to the internet? Modem, ISDN (Perm or Dial on Demand)?
>>
>>What kind of E Mail system do you have internally?
>>
>>
>>>I haven't been doing VFP for long myself. All my accounts were DOS and FPW2.6. Those people are finally getting new machines. My day job has me converting an older SBT & TIW system to current needs and current versions.
>>>
>>>That's a handful!
>>>
>>>Do you know much about setting up a Firewall on NT using Proxy2? I am having a fun time with this one. I think I have it set up but how do I open the ports and which ones should I open? I want to have http, and email for an exchange box.
>>>
>>>Thanks.
>>>
>>>__Stephen
>>>
>>>
>>>
>>>>No problem. These messages stack up pretty fast and sometimes, only seeing messages, it's hard to see where things were going until after the fact.
>>>>
What ben makes tracks for what wil be. Words in the air pirnt foot steps on the groun for us to put our feet in to.

Riddley Walker