Solved

Routers Vs Firewall

Posted on 2003-10-31
1
443 Views
Last Modified: 2013-11-16
subnet A ----------router---------firewall--------------boundary router (in subnet B)


I've been given a class C address..

subnet A is x.y.z.a/25
subnet B is x.y.z.128/27

wat is the recommended IP addresses for the router, firewall and boundary router?

Wat are the interfaces used by the router, firewall and boundary router.

I'm thinking of something like this, but I'm not sure if I'm correct.

router interface
x.y.z.2

Firewall interface
x.y.z.130
x.y.z.1

Boundary router interface
x.y.z.129

Is this correct?

also, how would the routing table for the router and boundary router look like?
does firewalls have routing tables?


thanks, pretty new in this...

0
Comment
Question by:kebeen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 3

Accepted Solution

by:
MaxQ earned 150 total points
ID: 9660665
Is there a reason to have a separate router bordering each subnet in addition to
having the firewall between them?  It's possible this design could be simplified
somewhat...firewalls can indeed act like routers (and routers like firewalls, just
to confuse matters).  Anyhow, going with the assumption that this arrangement
is necessary:

Redrawing with some labels (they are probably not all ethernet, this is just for illustration):

NetworkA-----[e0[RouterA]e1]-----[e0[firewall]e1]-----[e0[RouterB]e1]----NetworkB

Arranged this way, you actually have four networks, not two.  Since routing decisions
are made based on IP, those networks generally need to have distinct numbers (there
might be a way to do this with unnumbered interfaces, but let's leave that for now).
The good news is that the little point-to-point networks on either side of the firewall
don't need to be seen by anyone except the routers, so you can use private addresses
and not waste any of your class C.

RouterA:
 e0 x.y.z.1/25 (can be anything from 1 to 126; most pick the lowest or highest number for the router)
 e1 192.168.1.1/30
 routes:
  x.y.z.128/27 to 192.168.1.2

firewall:
 e0 192.168.1.2/30
 e1 192.168.2.2/30
 routes:
  x.y.z.0/25 to 192.168.1.1
  x.y.z.128/27 to 192.168.2.1

RouterB:
 e0 192.168.2.1/30
 e1 x.y.z.129/27
 routes:
  x.y.z.0/25 to 192.168.2.2
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question