We’re about to buy a Cisco Firewall and we need fiber ports as interfaces, the technical Cisco product guy, asked what are the Fiber specifications you want?
I asked what do you mean? Don’t we just need a firewall with SPF SFP interface? – I sometimes make that mistake ;P -
He said, well type of fiber you are using and connectors.
Isn’t all the fiber used for long distance is single mode, and our fiber is terminated on LC connectors, so this is what you need right?
Well, no we need more information.
Really, like what kind?
I’m not sure, I’ll ask our other technical guy, he’s more into fiber specifications and I’ll get back to you.
Ok!
I’m still waiting for their feedback actually. What I know about fiber in general, is there are two type, single mode and multi mode. Single mode is for long distance and more expensive. Multi mode is for shorter distance and cheaper. Each has it hardware to support it. You can’t link a multi-mode to single-mode fiber without having some kind of transceiver to convert the signal. The type that they pull from the nearest exchange to buildings is single mode and if you want to pull fiber within your premises, across floors or between close buildings, you’ll use multi mode.
I’ve never seen a fiber mode convertor, but I hear they are very expensive, what they’ll do actually is have two transceivers, single mode to ethernet and multi mode to ethernet, so they’ll connect the single-mode to the first transceiver and connect the multi-mode fiber to the second transceiver and have an ethernet cable between them. From a network point of view, two points of failure! From a sales point of view, cost saving.
Check your WAN connection, are you utilizing fiber, leased lines, wireless, satellite. If you are using fiber, how is it connected to your router, is it direct or through a transceiver. If it is the first one, then your router is with a fiber interface module plugged which is more expensive then having a fast/giga-ethernet interface and having a transceiver in between.
Regarding the connectors, you know how long it took me to actually get them right, 1 year ;P ST round, SC square, MTRG big square, LC the small ones, I memorized them like that. Actually, I only used to mix up SC & ST.
Fiber cables, can come with the same connector terminated on both ends, LC-LC , or different type of connectors ST-SC. So maybe your fiber patch panel has ST connection and your switch interface has SC connection.
I’ve never dealt with Cisco firewall, so this would be interesting, firewalls all have the same concept, you just need to get familiar with how to manage it. The thing I know about Cisco, is every feature you need, you have to buy a separate product! Not all in within the same box. We’ll see what ours comes with.
#1 by MBH on April 26, 2009 - 1:13 PM
In our old HQ, we have the fiber laid to one branch and then another fiber cable to the HQ (branch & HQ are near each other). At the HQ there’s a converter from fiber to ethernet which goes to the core switch there. It’s a dumb setup.
In the new HQ, we have fiber cables coming from the exchange to our server room, where the cores are terminated (single mode) to a mux which is connected to a router. One data router & one Internet router.
The exchange is 7km away from our building, as I remember reading from the device that the technician had (who was terminating).
Which company are you dealing with? We deal with Khurafi Business Machines (KBM).
#2 by Bloggylife on April 26, 2009 - 9:55 PM
we have E1 multiplexer where each interface can go upto 2Mbps, this is for IP telephony only.
For Internet we link our fiber directly to our router.
Well we haven’t bought the equipment yet, still in the poking around phase.
#3 by Marzouq on April 29, 2009 - 12:04 AM
Most people use single mode, its rare to find multi-mode, and there isn’t much of a reason for it.
DONT GET THE CISCO FIREWALL!!! If you can go for something simpler go for it… I forgot what its called but don’t get the ASA firewalls and avoid WatchGaurd firewalls, the ASA is annoying to configure with very low features for an expensive piece of equipment!
#4 by MBH on April 29, 2009 - 10:28 AM
I second Marzouq on Cisco. Their simple firewall is called Pix. ASA is too expensive and the features that they boast require licensing *each* and it’s per user!
If you care to share what features are you looking for in a firewall and why do you need a firewall (don’t have one now?), I may be able to help.
#5 by MBH on April 29, 2009 - 6:44 PM
http://icanhascheezburger.com/2009/04/28/funny-pictures-upgradedyur-firewall/
#6 by Bloggylife on May 5, 2009 - 10:05 PM
Actually it’s going to be a second firewall! Our main one is checkpoint and I LOVE it. Cisco will be with the basic features, no VPN, no QoS, no detection, prevention aka smartdefence, it’s within our private network. As it with me these days and my bad memory, I forgot what we decided on! I’ll check it out tomorrow