first frontend backend firewall setup

Posted on 2004-11-22
Last Modified: 2013-11-16
I want to set up a frontend backend firewall setup for our company . The frontend firewall will be a sonicwall pro 2040 and the backend will be isa server 2000. I have the 2040 in place running as a frontend. I than put isa server behind it but when I enter the isa servers ip address in as my proxy I can't get to the internet. Is there something that I must do on the frontend firewall for sonicwall pro 2040  to be able to gain internet access and proxy it to the internal lan clients. Also let me tell you the physical setup I have the dsl connected to a switch the external interface of the sonicwall pro 2040  and the isa server is also connected to that switch. The isa box is using the external interface is using the ip address of astaro's internal interface as its gateway.
Question by:junioradmin55
    LVL 4

    Accepted Solution

    you'll need to allow the isa server out via the firewall - so you'll need to put a rule on the sonicwall, something like this:

    Click on Firewall > then Access Rules > then click Add

    Action = Allow
    Service = to start of with select: Any <then you can lock the rule down to suit your requirements>
    Ethernet = LAN
    Address Range Begin: ip address of isa server
    Address Range End: ip address of isa server

    Ethernet = *
    Address Range Begin: *
    Address Range End: <leave blank>
    Comment = Allow ISA Server Outbound Internet Access

    then click OK

    see how that goes for starters

    Author Comment

    Thanks for the reply actually I just stared this job and I'm new to the entire dmz concept. Most dmz's I've set up in the past have been using 3 interfaces on a single firewall. I think I'm going to test this on my home lan before I implement it at work.So I would like to setup a test lab at home to practice setting up a a dmz. At home I have the following products isa server 2000 and 2004 astaro version 5 and also a netgear fvs318 router. I'm trying to decide if I should use the netgear on the frontend and isa 2004 on the backend or if I should use astaro on the front and isa server 2004 on the back. My internal lan will be 192.168.15 the wan will be my cable modem and the dmz will be 192.168.45. I would like to ask you about interface setup what default gaewats will i use for the setup.
    LVL 4

    Expert Comment


    I believe I have answered junioradmin55 original question, which was 'to be able to gain internet access and proxy it to the internal lan clients'

    LVL 4

    Expert Comment

    thanks modulo

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Join & Write a Comment

    This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
    Let’s list some of the technologies that enable smooth teleworking. 
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now