Back To Back Firewall

Posted on 2004-08-30
Medium Priority
Last Modified: 2013-11-16
I've been requested to implement a back to back firewall using a current hardware solution we have in place and windows ISA server . . . I was just wondering if i could receive any suggestions on which should be placed on the outside (Internet) and which should be on the inside.

We also use a VPN, would this require two seperate VPN licenses:  one for the current solution and one for the ISA server?

Question by:mynamebecory2
1 Comment

Accepted Solution

syn_ack_fin earned 500 total points
ID: 11931614
"which should be on the inside."
I'd recommend the hardware appliance on the outside and the ISA on the inside for these reasons:
1) The ISA is Windows based. Having a hardware appliance in front helps protect it since the hardware device will probably have a very hardened OS.
2) The ISA server would need to attach to your domain for transparent authentication if used. Nice feature, but not a good idea for a front firewall.
3) The ISA is probably going to be used as a caching server, thus having it on the inside prevents having an extra hop.

"We also use a VPN, would this require two seperate VPN licenses:"
No. You would only need a license for the device where you terminate the VPN. If you terminate the VPN to the ISA then all you would need to do is create a pass-through from the front device.

Good Luck

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question