-
February 22nd, 2007, 11:59 AM
#1
Junior Member
Setting up a firewall behind another firewall
Is there a way to set up 2 firewalls, one behind the other? The first one is directly connected to the router and uses the WAN IP and gives the network internal IPs, e.g. 192.168.1..... The second one is in the LAN and, instead of using the WAN IP, it uses a LAT IP generated by the first firewall and forwards all the requests to the main firewall.
Last edited by harvesterofdata; February 25th, 2007 at 07:20 PM.
-
February 22nd, 2007, 12:04 PM
#2
You can have as many firewalls after each other as you like. It'll make administrating them hell but it's possible. Banks and other companies that need just that bit of extra protection usually use 2 firewalls, one after the other, of 2 different brands.
Keep in mind the subnets/subnetmasks between the firewalls and routing between them.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
February 22nd, 2007, 01:15 PM
#3
I don't understand. What would be the point of having more than (say) 2, as SirDice has suggested? You say "one behind the other", which implies that they are arranged in series... this would be pointless, because if the first two didn't enforce your rules, neither would the others... they would be redundant.
You mention a specific number (22), which suggests to me that the number of devices is being taken into account?
This implies that you have an external firewall and a number of internal firewalls... one for each device. In this case they are arranged in parallel, which would make slightly more sense, as they may protect the individual devices from internal traffic?
-
February 22nd, 2007, 02:13 PM
#4
Junior Member
Sorry guys, it's "2", I mistyped it. Anyway, the reason behind this is that I work in a company where the firewall is under the control of the internet provider and we only have LAT IPs here; the WAN is not under my control. Plus the ISP is not filtering everything, like what should I do if I need to stop the messengers like MSN, AOL etc... or block certain sites? That's why I want to set up the ISA 2004 firewall on my DNS/Active Directory server to resolve this issue.
-
February 22nd, 2007, 02:25 PM
#5
Originally Posted by harvesterofdata
{...} I want to set up the ISA 2004 firewall on my DNS/active directory server to resolve this issue.
Don't. Use a separate machine for ISA.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
February 23rd, 2007, 06:30 AM
#6
As SirDice said, using your DNS/AD machine as an ISA server is a very, very bad idea. You want your AD/internal DNS server behind the firewall, you don't want it to be the firewall lol.
As they said, it's no problem to have 2 firewalls like that, just set up your IPs and routing appropriately, and you're good to go.
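The subnet and routing advice in posts #2 and #6, as an added example that is not from any poster in this thread: a Python check of a two-firewall addressing plan that flags overlapping subnets and hosts that would bypass the inner firewall. All addresses, host names and the function name `check_chain` are assumptions made for illustration.

```python
import ipaddress

def check_chain(outer_lan, outer_fw_ip, inner_wan_ip, inner_lan, inner_lan_ip, hosts):
    """Return a list of problems in a two-firewall addressing plan.

    outer_lan    : subnet handed out by the outer firewall (transit network)
    outer_fw_ip  : outer firewall's LAN address, next hop for the inner firewall
    inner_wan_ip : inner firewall's address on the transit network
    inner_lan    : subnet behind the inner firewall
    inner_lan_ip : inner firewall's LAN address, the clients' default gateway
    hosts        : {name: (ip, default_gateway)}
    """
    transit = ipaddress.ip_network(outer_lan)
    inside = ipaddress.ip_network(inner_lan)
    inner_gw = ipaddress.ip_address(inner_lan_ip)
    problems = []
    if transit.overlaps(inside):
        problems.append("inner LAN overlaps the transit subnet: no routing between them")
    if ipaddress.ip_address(outer_fw_ip) not in transit:
        problems.append("outer firewall LAN address is outside the transit subnet")
    if ipaddress.ip_address(inner_wan_ip) not in transit:
        problems.append("inner firewall WAN address is outside the transit subnet")
    if inner_gw not in inside:
        problems.append("inner firewall LAN address is outside the inner LAN")
    for name, (ip, gateway) in sorted(hosts.items()):
        addr = ipaddress.ip_address(ip)
        if addr in inside:
            # Host is behind the inner firewall; it must also route through it.
            if ipaddress.ip_address(gateway) != inner_gw:
                problems.append(f"{name}: default gateway {gateway} is not the inner firewall")
        elif addr in transit:
            problems.append(f"{name}: {ip} is on the transit subnet and bypasses the inner firewall")
        else:
            problems.append(f"{name}: {ip} is in neither subnet")
    return problems

# Constructed sample plan (addresses are assumptions, not taken from the thread).
GOOD = dict(outer_lan="192.168.1.0/24", outer_fw_ip="192.168.1.1",
            inner_wan_ip="192.168.1.2", inner_lan="10.10.0.0/24",
            inner_lan_ip="10.10.0.1",
            hosts={"dns-ad": ("10.10.0.10", "10.10.0.1"),
                   "pc-01": ("10.10.0.50", "10.10.0.1")})
# Same plan with two mistakes: one PC left on the transit subnet, and one PC
# behind the inner firewall but still using the outer firewall as its gateway.
BAD = dict(GOOD, hosts={"pc-01": ("192.168.1.50", "192.168.1.1"),
                        "pc-02": ("10.10.0.51", "192.168.1.1")})

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, check_chain(**plan) or "OK")
```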
-
February 23rd, 2007, 09:34 AM
#7
Junior Member
Originally Posted by cheyenne1212
As SirDice said, using your DNS/AD machine as an ISA server is a very, very bad idea. You want your AD/internal DNS server behind the firewall, you don't want it to be the firewall lol.
As they said, it's no problem to have 2 firewalls like that, just set up your IPs and routing appropriately, and you're good to go.
Yeah, but the first firewall will make a good protection from any outside threat and my DNS will be behind this firewall, and the second is just made as a prison gate to deny access to certain sites and messengers from inside, and it's not a problem if it's installed on the DNS server. The gateway of the users and the DNS will be the same and they can't pass to the first firewall without passing by the internal firewall.