Setting up a firewall behind another firewall

  1. #1
    Junior Member
    Join Date
    Jan 2003
    Posts
    9

    Setting up a firewall behind another firewall

    Is there a way to set up 2 firewalls, one behind the other? The first one is directly connected to the router, uses the WAN IP and gives the network internal IPs, e.g. 192.168.1.....; the second one is in the LAN and, instead of using the WAN IP, it uses a LAT IP generated by the first firewall and forwards all the requests to the main firewall.
    Last edited by harvesterofdata; February 25th, 2007 at 06:20 PM.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    You can have as many firewalls after each other as you like. It'll make administrating them hell but it's possible. Banks and other companies that need just that bit of extra protection usually use 2 firewalls, one after the other, of 2 different brands.

    Keep in mind the subnets/subnetmasks between the firewalls and routing between them.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Super Moderator: GMT Zone nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    I don't understand. What would be the point of having more than (say) 2, as SirDice has suggested? You say "one behind the other", which implies that they are arranged in series... this would be pointless, because if the first two didn't enforce your rules, neither would the others... they would be redundant.

    You mention a specific number (22) which suggests to me that the number of devices is being taken into account?

    This implies that you have an external firewall and a number of internal firewalls... one for each device. In this case they are arranged in parallel, which would make slightly more sense, as they may protect the individual devices from internal traffic?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    Junior Member
    Join Date
    Jan 2003
    Posts
    9
    Sorry guys, it's "2", I mistyped it. Anyway, the reason behind this is that I work in a company where the firewall is under the control of the internet provider and we only have LAT IPs here; the WAN is not under my control. Plus, the ISP is not filtering everything, like what should I do if I need to stop the messengers like MSN, AOL etc. or block certain sites? That's why I want to set up the ISA 2004 firewall on my DNS/Active Directory server to resolve this issue.

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Quote Originally Posted by harvesterofdata
    {...} I want to set up the ISA 2004 firewall on my DNS/active directory server to resolve this issue.
    Don't. Use a separate machine for ISA.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    As SirDice said, using your DNS/AD machine as an ISA server is a very very bad idea. You want your AD/Internal DNS server behind the firewall, you don't want it to be the firewall lol.


    As they said, it's no problem to have 2 firewalls like that, just set up your IPs and routing appropriately, and you're good to go.
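
The subnet and routing advice in the replies above, as an added example that is not part of the thread: a Python check of a two-firewall addressing plan, including whether clients can actually bypass the inner firewall. The /24 masks, the 10.10.0.0/24 inner LAN, all host addresses and the plan field names are constructed for illustration; only the 192.168.1 prefix comes from the original post.

```python
import ipaddress as ip

def check_chain(plan):
    """Return the problems found in an outer -> inner -> clients firewall plan."""
    outer_lan = ip.ip_network(plan["outer_lan"])
    inner_lan = ip.ip_network(plan["inner_lan"])
    outer_ip = ip.ip_address(plan["outer_lan_ip"])
    inner_wan = ip.ip_address(plan["inner_wan_ip"])
    inner_ip = ip.ip_address(plan["inner_lan_ip"])
    problems = []
    if outer_ip not in outer_lan or inner_wan not in outer_lan:
        problems.append("link between the firewalls is not inside the outer LAN subnet")
    if ip.ip_address(plan["inner_default_gw"]) != outer_ip:
        problems.append("inner firewall's default gateway is not the outer firewall")
    if inner_lan.overlaps(outer_lan):
        problems.append("inner and outer LAN subnets overlap, nothing to route between")
    if inner_ip not in inner_lan:
        problems.append("inner firewall's LAN IP is outside the inner LAN subnet")
    # Without NAT on the inner firewall, replies need a route back to the inner LAN.
    if not plan["inner_nat"]:
        routes = {ip.ip_network(n): ip.ip_address(h)
                  for n, h in plan["outer_static_routes"].items()}
        if routes.get(inner_lan) != inner_wan:
            problems.append("outer firewall has no return route to the inner LAN")
    # A client that sits in the outer subnet or points at another gateway
    # never crosses the inner firewall, so its filtering rules do not apply.
    for name, (addr, gw) in plan["clients"].items():
        if ip.ip_address(addr) not in inner_lan or ip.ip_address(gw) != inner_ip:
            problems.append(f"{name} bypasses the inner firewall")
    return problems

# Constructed sample plans (all values are illustrative assumptions).
GOOD = {
    "outer_lan": "192.168.1.0/24", "outer_lan_ip": "192.168.1.1",
    "inner_wan_ip": "192.168.1.2", "inner_default_gw": "192.168.1.1",
    "inner_lan": "10.10.0.0/24", "inner_lan_ip": "10.10.0.1",
    "inner_nat": False, "outer_static_routes": {"10.10.0.0/24": "192.168.1.2"},
    "clients": {"pc1": ("10.10.0.50", "10.10.0.1")},
}
# Flat layout: clients share the outer subnet and use the outer firewall as gateway.
FLAT = dict(GOOD, inner_lan="192.168.1.0/24", inner_lan_ip="192.168.1.2",
            inner_nat=True, clients={"pc1": ("192.168.1.50", "192.168.1.1")})

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("flat", FLAT)):
        print(label, check_chain(plan) or "OK")
```
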

  7. #7
    Junior Member
    Join Date
    Jan 2003
    Posts
    9
    Quote Originally Posted by cheyenne1212
    As SirDice said, using your DNS/AD machine as an ISA server is a very very bad idea. You want your AD/Internal DNS server behind the firewall, you don't want it to be the firewall lol.


    As they said, it's no problem to have 2 firewalls like that, just set up your IPs and routing appropriately, and you're good to go.
    Yeah, but the first firewall will make a good protection from any outside threat and my DNS will be behind this firewall, and the second is just made as a prison gate to deny access to certain sites and messengers from inside, and it's not a problem if it's installed on the DNS server. The gateway of the users and the DNS will be the same, and they can't pass to the first firewall without passing by the internal firewall.
