Solved

Back To Back Firewall

Posted on 2004-08-30
3
158 Views
Last Modified: 2013-11-16
I've been requested to implement a back to back firewall using a current hardware solution we have in place and windows ISA server . . . I was just wondering if i could receive any suggestions on which should be placed on the outside (Internet) and which should be on the inside.

We also use a VPN, would this require two seperate VPN licenses:  one for the current solution and one for the ISA server?

0
Comment
Question by:mynamebecory2
3 Comments
 
LVL 4

Accepted Solution

by:
syn_ack_fin earned 125 total points
ID: 11931614
"which should be on the inside."
I'd recommend the hardware appliance on the outside and the ISA on the inside for these reasons:
1) The ISA is Windows based. Having a hardware appliance in front helps protect it since the hardware device will probably have a very hardened OS.
2) The ISA server would need to attach to your domain for transparent authentication if used. Nice feature, but not a good idea for a front firewall.
3) The ISA is probably going to be used as a caching server, thus having it on the inside prevents having an extra hop.

"We also use a VPN, would this require two seperate VPN licenses:"
No. You would only need a license for the device where you terminate the VPN. If you terminate the VPN to the ISA then all you would need to do is create a pass-through from the front device.

Good Luck
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now