• Status: Solved
• Priority: Medium
• Security: Public

PIX 515E Firewall Setup

I am seeking professional support in improving my existing network security levels and maximizing business continuity by minimizing the risk in LAN & WAN.

I have 3 interfaces: inside - 192.168.150.0/24, outside - 202.155.135.0/29 and DMZ - 10.10.10.1/24. My Exchange server, proxy server and web server (192.168.150.0/24) should be connected to the “inside” interface, and in the “DMZ” (10.10.10.1/24) I am planning to implement a Trend Micro SMTP gateway which could pull all SMTP traffic which is forwarded by my ISP; my ISP is mail forwarding to the 202.155.135.0/29 address. My “outside” interface is connected to a VSAT modem (Gateway - 202.155.135.0/29). And from my Exchange side all outgoing SMTP traffic is forwarded to the ISP DNS address (202.155.0.0).

In addition, all my proxy traffic must route through my ISA server, which is on the “inside” interface. I have plans to enable Outlook Web Access on an additional front-end server; do you recommend this? If yes, where should I keep the server, in the DMZ or inside?


Thanks
Viraj
Asked: virajw2310
naveedb Commented:
One possible recommendation could be to:

Outside:
VSAT Gateway Modem

DMZ:
ISA Server
Proxy Server
Web Server
Outlook Web Access Front End Server

Inside:
Exchange Server
All Internal Clients

On your PIX, you will allow Internal Clients to access the DMZ for the Proxy and Web Server.

Configure the Outlook Web Access Front End server to read mailbox information from the Exchange Server. You can also create a static NAT entry to forward all incoming traffic from your ISP directly into the OWA Front End server and configure it to forward it to your internal Exchange Server. Mailboxes should reside in the internal Exchange Server. The OWA server will need to have access to AD for Client Authentication.

Create static NATs for your web server on the PIX if it needs to be accessed from the Internet; if not, you can move it to your inside network.

Again, this is only a recommendation; your business requirements may or may not work with it. You may also look into hiring a third-party network security company to design it for you.
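
The layout recommended above, sketched as a PIX OS 6.x configuration fragment. This is an added example, not part of the answer: every host address, the inside and outside interface addresses, the ACL names and the front-end-to-Exchange port list are assumptions to adjust, and the default route to the VSAT gateway is left out because the thread does not give its address.

```cisco
!--- Added example; all host addresses below are constructed placeholders.
!--- Assumed DMZ hosts: OWA front end 10.10.10.10, web server 10.10.10.20, ISA/proxy 10.10.10.30
!--- Assumed inside hosts: Exchange 192.168.150.10, AD/DNS 192.168.150.11
!--- Assumed public addresses: PIX 202.155.135.2, OWA/mail 202.155.135.3, web 202.155.135.4
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
ip address outside 202.155.135.2 255.255.255.248
ip address inside 192.168.150.1 255.255.255.0
ip address dmz 10.10.10.1 255.255.255.0

!--- Publish only the DMZ hosts that must be reachable from the Internet.
static (dmz,outside) 202.155.135.3 10.10.10.10 netmask 255.255.255.255 0 0
static (dmz,outside) 202.155.135.4 10.10.10.20 netmask 255.255.255.255 0 0
access-list outside_in permit tcp any host 202.155.135.3 eq smtp
access-list outside_in permit tcp any host 202.155.135.3 eq https
access-list outside_in permit tcp any host 202.155.135.4 eq www
access-group outside_in in interface outside

!--- Inside and DMZ talk to each other without address translation.
static (inside,dmz) 192.168.150.0 192.168.150.0 netmask 255.255.255.0 0 0

!--- Other DMZ hosts (the proxy) leave through PAT on the outside interface.
nat (dmz) 1 10.10.10.0 255.255.255.0
global (outside) 1 interface

!--- DMZ to inside: only the front end, only to Exchange and the domain controller.
access-list dmz_in permit tcp host 10.10.10.10 host 192.168.150.10 eq smtp
access-list dmz_in permit tcp host 10.10.10.10 host 192.168.150.10 eq www
access-list dmz_in permit tcp host 10.10.10.10 host 192.168.150.11 eq ldap
access-list dmz_in permit tcp host 10.10.10.10 host 192.168.150.11 eq 3268
access-list dmz_in permit tcp host 10.10.10.10 host 192.168.150.11 eq 88
access-list dmz_in permit udp host 10.10.10.10 host 192.168.150.11 eq 88
access-list dmz_in permit udp host 10.10.10.10 host 192.168.150.11 eq domain
!--- Everything else from the DMZ toward the inside network is dropped.
access-list dmz_in deny ip any 192.168.150.0 255.255.255.0
!--- The proxy is the only DMZ host allowed to browse the Internet.
access-list dmz_in permit tcp host 10.10.10.30 any eq www
access-list dmz_in permit tcp host 10.10.10.30 any eq https
access-list dmz_in permit udp host 10.10.10.30 any eq domain
access-group dmz_in in interface dmz
```

Inside clients need no ACL entry to reach the proxy and web server, because traffic from the higher-security inside interface to the DMZ is permitted by default once the identity static is in place.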