Solved

Back To Back Firewall

Posted on 2004-08-30
3
157 Views
Last Modified: 2013-11-16
I've been requested to implement a back to back firewall using a current hardware solution we have in place and windows ISA server . . . I was just wondering if i could receive any suggestions on which should be placed on the outside (Internet) and which should be on the inside.

We also use a VPN, would this require two seperate VPN licenses:  one for the current solution and one for the ISA server?

0
Comment
Question by:mynamebecory2
3 Comments
 
LVL 4

Accepted Solution

by:
syn_ack_fin earned 125 total points
ID: 11931614
"which should be on the inside."
I'd recommend the hardware appliance on the outside and the ISA on the inside for these reasons:
1) The ISA is Windows based. Having a hardware appliance in front helps protect it since the hardware device will probably have a very hardened OS.
2) The ISA server would need to attach to your domain for transparent authentication if used. Nice feature, but not a good idea for a front firewall.
3) The ISA is probably going to be used as a caching server, thus having it on the inside prevents having an extra hop.

"We also use a VPN, would this require two seperate VPN licenses:"
No. You would only need a license for the device where you terminate the VPN. If you terminate the VPN to the ISA then all you would need to do is create a pass-through from the front device.

Good Luck
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now