Solved

Back To Back Firewall

Posted on 2004-08-30
3
163 Views
Last Modified: 2013-11-16
I've been requested to implement a back to back firewall using a current hardware solution we have in place and windows ISA server . . . I was just wondering if i could receive any suggestions on which should be placed on the outside (Internet) and which should be on the inside.

We also use a VPN, would this require two seperate VPN licenses:  one for the current solution and one for the ISA server?

0
Comment
Question by:mynamebecory2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 4

Accepted Solution

by:
syn_ack_fin earned 125 total points
ID: 11931614
"which should be on the inside."
I'd recommend the hardware appliance on the outside and the ISA on the inside for these reasons:
1) The ISA is Windows based. Having a hardware appliance in front helps protect it since the hardware device will probably have a very hardened OS.
2) The ISA server would need to attach to your domain for transparent authentication if used. Nice feature, but not a good idea for a front firewall.
3) The ISA is probably going to be used as a caching server, thus having it on the inside prevents having an extra hop.

"We also use a VPN, would this require two seperate VPN licenses:"
No. You would only need a license for the device where you terminate the VPN. If you terminate the VPN to the ISA then all you would need to do is create a pass-through from the front device.

Good Luck
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VLAN CONFIGURATION 2 64
what is mstp 6 68
Vmotion configuration 4 58
Citrix App 7 34
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question