- Posts: 356
- Thank you received: 0
Firewall Setup
20 years 4 months ago #4423
by jhun
Firewall Setup was created by jhun
hi guys,
i have an ISA 2000 firewall and would like to set up an additional hardware firewall, a SonicWall firewall. As to my understanding, the ISA requires two NIC cards to work. One for the LAN and one for the WAN. Also the same config is on the Sonicwall, one LAN port and one WAN port.
My question is how can i incorporate the SonicWall firewall to our existing ISA firewall since i would like to have a network setup wherein i have the advantage of a hardware and a software firewall?...
thanks a million...
i have an ISA 2000 firewall and would like to set up an additional hardware firewall, a SonicWall firewall. As to my understanding, the ISA requires two NIC cards to work. One for the LAN and one for the WAN. Also the same config is on the Sonicwall, one LAN port and one WAN port.
My question is how can i incorporate the SonicWall firewall to our existing ISA firewall since i would like to have a network setup wherein i have the advantage of a hardware and a software firewall?...
thanks a million...
20 years 4 months ago #4429
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: Firewall Setup
Well its a bit hard to help you out without an idea of what you want your network topology to look like. If you want the advantage of both.. I would suggest you place the hardware firewall closer to the perimeter (aka your border router / WAN link). After that you give yourself some DMZ space, and then you protect your internal network with the software firewall..
This way you reap the benefits of the dual protection for the internal network while the DMZ still remains protected behind the hardware firewall.
Many different setups come to mind.. read the 'firewall topologies' section for some ideas.. however just chaining them one behind the other without anything in the middle doesnt really seem worth the effort and expenditure.. not to mention the more complex you make these things, the more likely they are to fail because of some simple misconfiguration.
This way you reap the benefits of the dual protection for the internal network while the DMZ still remains protected behind the hardware firewall.
Many different setups come to mind.. read the 'firewall topologies' section for some ideas.. however just chaining them one behind the other without anything in the middle doesnt really seem worth the effort and expenditure.. not to mention the more complex you make these things, the more likely they are to fail because of some simple misconfiguration.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
- cybershield
- Offline
- New Member
Less
More
- Posts: 1
- Thank you received: 0
20 years 4 months ago #4465
by cybershield
Replied by cybershield on topic Configuration ISA and SonicWall
Greetings, I too have the same configuration, using ISA with SonicWall. You have to be very careful with double-NAT configuration as it will break some of your traffic/applications.
Depending on what you're trying to do and your current SonicWall device, the overall design changes. SonicWall Soho Tele, TZ-170, 2040? Enhanced OS or Standard? ISA with 1 or 2 nics? ISA to be sure needs to NICs, 1 if it's just a proxy.
Email me directly if you need some more help.
Regards,
Sergio
Cybershield Sr. Engineer.
MCSE, SonicWall Reseller, Security certified blah blah etc. etc.
Depending on what you're trying to do and your current SonicWall device, the overall design changes. SonicWall Soho Tele, TZ-170, 2040? Enhanced OS or Standard? ISA with 1 or 2 nics? ISA to be sure needs to NICs, 1 if it's just a proxy.
Email me directly if you need some more help.
Regards,
Sergio
Cybershield Sr. Engineer.
MCSE, SonicWall Reseller, Security certified blah blah etc. etc.
20 years 4 months ago #4466
by jhun
Replied by jhun on topic Re: Firewall Setup
hi to all
my apologies if i was not clear with my inquiry. well our ISA server uses two (2) NICs, one for the external ip (or fro the WAN) and one for the internal ip (for the LAN) and the Sonicwall Firewall is a SOHO3.
the setup that i would like to do is that i would like to build a tight defense by using the two firewalls. i'm planning to put a dmz in between. (i don't know if i'm right on this but can i put something like a mail relay for the dmz so that i could filter incoming mails and those that are with virus attachments are quarantine in the mail relay before entering the internal email server..please correct me if i'm wrong)
have a nice day...
my apologies if i was not clear with my inquiry. well our ISA server uses two (2) NICs, one for the external ip (or fro the WAN) and one for the internal ip (for the LAN) and the Sonicwall Firewall is a SOHO3.
the setup that i would like to do is that i would like to build a tight defense by using the two firewalls. i'm planning to put a dmz in between. (i don't know if i'm right on this but can i put something like a mail relay for the dmz so that i could filter incoming mails and those that are with virus attachments are quarantine in the mail relay before entering the internal email server..please correct me if i'm wrong)
have a nice day...
Time to create page: 0.121 seconds