Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Back To Back Firewall

Posted on 2004-08-30
3
Medium Priority
?
171 Views
Last Modified: 2013-11-16
I've been requested to implement a back to back firewall using a current hardware solution we have in place and windows ISA server . . . I was just wondering if i could receive any suggestions on which should be placed on the outside (Internet) and which should be on the inside.

We also use a VPN, would this require two seperate VPN licenses:  one for the current solution and one for the ISA server?

0
Comment
Question by:mynamebecory2
3 Comments
 
LVL 4

Accepted Solution

by:
syn_ack_fin earned 500 total points
ID: 11931614
"which should be on the inside."
I'd recommend the hardware appliance on the outside and the ISA on the inside for these reasons:
1) The ISA is Windows based. Having a hardware appliance in front helps protect it since the hardware device will probably have a very hardened OS.
2) The ISA server would need to attach to your domain for transparent authentication if used. Nice feature, but not a good idea for a front firewall.
3) The ISA is probably going to be used as a caching server, thus having it on the inside prevents having an extra hop.

"We also use a VPN, would this require two seperate VPN licenses:"
No. You would only need a license for the device where you terminate the VPN. If you terminate the VPN to the ISA then all you would need to do is create a pass-through from the front device.

Good Luck
0

Featured Post

WatchGuard Case Study: NCR

With business operations for thousands of customers largely depending on the internal systems they support, NCR can’t afford to waste time or money on security products that are anything less than exceptional. That’s why they chose WatchGuard.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
This program is used to assist in finding and resolving common problems with wireless connections.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question