Solved

Routers Vs Firewall

Posted on 2003-10-31
1
441 Views
Last Modified: 2013-11-16
subnet A ----------router---------firewall--------------boundary router (in subnet B)


I've been given a class C address..

subnet A is x.y.z.a/25
subnet B is x.y.z.128/27

wat is the recommended IP addresses for the router, firewall and boundary router?

Wat are the interfaces used by the router, firewall and boundary router.

I'm thinking of something like this, but I'm not sure if I'm correct.

router interface
x.y.z.2

Firewall interface
x.y.z.130
x.y.z.1

Boundary router interface
x.y.z.129

Is this correct?

also, how would the routing table for the router and boundary router look like?
does firewalls have routing tables?


thanks, pretty new in this...

0
Comment
Question by:kebeen
1 Comment
 
LVL 3

Accepted Solution

by:
MaxQ earned 150 total points
ID: 9660665
Is there a reason to have a separate router bordering each subnet in addition to
having the firewall between them?  It's possible this design could be simplified
somewhat...firewalls can indeed act like routers (and routers like firewalls, just
to confuse matters).  Anyhow, going with the assumption that this arrangement
is necessary:

Redrawing with some labels (they are probably not all ethernet, this is just for illustration):

NetworkA-----[e0[RouterA]e1]-----[e0[firewall]e1]-----[e0[RouterB]e1]----NetworkB

Arranged this way, you actually have four networks, not two.  Since routing decisions
are made based on IP, those networks generally need to have distinct numbers (there
might be a way to do this with unnumbered interfaces, but let's leave that for now).
The good news is that the little point-to-point networks on either side of the firewall
don't need to be seen by anyone except the routers, so you can use private addresses
and not waste any of your class C.

RouterA:
 e0 x.y.z.1/25 (can be anything from 1 to 126; most pick the lowest or highest number for the router)
 e1 192.168.1.1/30
 routes:
  x.y.z.128/27 to 192.168.1.2

firewall:
 e0 192.168.1.2/30
 e1 192.168.2.2/30
 routes:
  x.y.z.0/25 to 192.168.1.1
  x.y.z.128/27 to 192.168.2.1

RouterB:
 e0 192.168.2.1/30
 e1 x.y.z.129/27
 routes:
  x.y.z.0/25 to 192.168.2.2
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question