Routers Vs Firewall

Posted on 2003-10-31
Last Modified: 2013-11-16
subnet A ----------router---------firewall--------------boundary router (in subnet B)


I've been given a class C address..

subnet A is x.y.z.a/25
subnet B is x.y.z.128/27

What are the recommended IP addresses for the router, firewall and boundary router?

What are the interfaces used by the router, firewall and boundary router?

I'm thinking of something like this, but I'm not sure if I'm correct.

router interface
x.y.z.2

Firewall interface
x.y.z.130
x.y.z.1

Boundary router interface
x.y.z.129

Is this correct?

Also, what would the routing tables for the router and boundary router look like?
Do firewalls have routing tables?


thanks, pretty new in this...

Question by:kebeen
Accepted Solution

by: MaxQ (earned 600 total points), ID: 9660665
Is there a reason to have a separate router bordering each subnet in addition to
having the firewall between them?  It's possible this design could be simplified
somewhat...firewalls can indeed act like routers (and routers like firewalls, just
to confuse matters).  Anyhow, going with the assumption that this arrangement
is necessary:

Redrawing with some labels (they are probably not all ethernet, this is just for illustration):

NetworkA-----[e0[RouterA]e1]-----[e0[firewall]e1]-----[e0[RouterB]e1]----NetworkB

Arranged this way, you actually have four networks, not two.  Since routing decisions
are made based on IP, those networks generally need to have distinct numbers (there
might be a way to do this with unnumbered interfaces, but let's leave that for now).
The good news is that the little point-to-point networks on either side of the firewall
don't need to be seen by anyone except the routers, so you can use private addresses
and not waste any of your class C.

RouterA:
 e0 x.y.z.1/25 (can be anything from 1 to 126; most pick the lowest or highest number for the router)
 e1 192.168.1.1/30
 routes:
  x.y.z.128/27 to 192.168.1.2

firewall:
 e0 192.168.1.2/30
 e1 192.168.2.2/30
 routes:
  x.y.z.0/25 to 192.168.1.1
  x.y.z.128/27 to 192.168.2.1

RouterB:
 e0 192.168.2.1/30
 e1 x.y.z.129/27
 routes:
  x.y.z.0/25 to 192.168.2.2
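
The addressing plan above can be checked mechanically. The following is an added example, not part of the original answer: it loads the three devices' interfaces and static routes, confirms every next hop sits on a directly connected network, and traces which devices a packet crosses, so you can confirm that traffic between the two subnets passes through the firewall. It assumes 203.0.113.0/24 (a documentation range) as a stand-in for x.y.z.0/24; the `DEVICES` structure and function names are hypothetical.

```python
import ipaddress as ip

# Constructed stand-in: 203.0.113.0/24 (documentation range) replaces x.y.z.0/24.
# Interface lists are in e0, e1 order, as in the answer above.
DEVICES = {
    "RouterA": {"ifaces": ["203.0.113.1/25", "192.168.1.1/30"],
                "routes": {"203.0.113.128/27": "192.168.1.2"}},
    "firewall": {"ifaces": ["192.168.1.2/30", "192.168.2.2/30"],
                 "routes": {"203.0.113.0/25": "192.168.1.1",
                            "203.0.113.128/27": "192.168.2.1"}},
    "RouterB": {"ifaces": ["192.168.2.1/30", "203.0.113.129/27"],
                "routes": {"203.0.113.0/25": "192.168.2.2"}},
}

def connected(dev):
    """Networks directly attached to a device, derived from its interface addresses."""
    return [ip.ip_interface(a).network for a in DEVICES[dev]["ifaces"]]

def owner(addr):
    """Device holding addr on one of its interfaces (None if no device does)."""
    for name, d in DEVICES.items():
        if any(ip.ip_interface(a).ip == addr for a in d["ifaces"]):
            return name

def offlink_next_hops():
    """Static routes whose next hop is not on a directly connected network."""
    return [(name, dest, hop)
            for name, d in DEVICES.items()
            for dest, hop in d["routes"].items()
            if not any(ip.ip_address(hop) in n for n in connected(name))]

def trace(start, dst, max_hops=8):
    """Devices a packet for dst visits: connected networks first, then longest-prefix route."""
    dst, dev, path = ip.ip_address(dst), start, [start]
    for _ in range(max_hops):
        if any(dst in n for n in connected(dev)):
            return path                      # delivered on an attached network
        matches = [(ip.ip_network(p), h) for p, h in DEVICES[dev]["routes"].items()
                   if dst in ip.ip_network(p)]
        if not matches:
            return path + ["no route"]
        hop = max(matches, key=lambda m: m[0].prefixlen)[1]
        dev = owner(ip.ip_address(hop))
        if dev is None:
            return path + ["next hop not owned by any device"]
        path.append(dev)
    return path + ["loop"]

if __name__ == "__main__":
    print(offlink_next_hops(), trace("RouterA", "203.0.113.130"))
```

An empty result from `offlink_next_hops()` means every static route points at a neighbour on one of the /30 links; a trace that omits `firewall` would mean the two subnets can reach each other without being filtered.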