Firewalls: mapping destination sets to different webservers. Is this standard functionality?
Posted on 2007-03-29
We're going to replace our firewall, ISA Server 2000 on Windows 2000. The server is old, so it needs to be replaced, and we're having other problems with ISA Server. We're hoping to solve these two problems in one go.
One of the things we need is what I call "Destination set mapping", but I'm not sure whether this is the right term. I'll give an example. We use several domain names, like xyz.com and pqr.net. We have several webservers, each serving different domain names, running Tomcat on port 8080. Some of the servers run IIS as well on port 80.
xyz.com:80 => ISA Server: Destination Set 1 => server1:8080 (Tomcat)
pqr.net:80 => ISA Server: Destination Set 2 => server2:8080 (Tomcat)
webmail.pqr.net:80 => ISA Server: Destination Set 3 => server2:80 (IIS)
On ISA Server this is quite easy to handle. You create a destination set in the Policy Elements (a list of domain names basically), and then create Web Publishing Rules, using these destination sets. So this is pretty simple to set up.
One of the options is to buy a basic Cisco (or SonicWall, etc.) firewall, or buy a lightweight server and install Smoothwall or something similar. I would like to know whether this functionality is standard in firewalls like the simple Cisco Pix 501, or Smoothwall. Another requirement is that this functionality should be configurable using the browser (or GUI), and it should be straightforward, like ISA Server does it.
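All three names in the post arrive on port 80, so the backend has to be chosen from the host name the client sends in the HTTP Host header. As an added example (not part of the original post and not ISA Server's own code), this Python code applies the post's three destination sets to constructed requests and refuses anything that does not match; the function and variable names are hypothetical.

```python
# Added example: host-based publishing rules modelled on the post's three mappings.
# DESTINATION_SETS, PUBLISHING_RULES, host_from_request and route are hypothetical names.

DESTINATION_SETS = {
    "Destination Set 1": {"xyz.com"},
    "Destination Set 2": {"pqr.net"},
    "Destination Set 3": {"webmail.pqr.net"},
}
PUBLISHING_RULES = {
    "Destination Set 1": ("server1", 8080),  # Tomcat
    "Destination Set 2": ("server2", 8080),  # Tomcat
    "Destination Set 3": ("server2", 80),    # IIS
}


def host_from_request(raw: bytes):
    """Return the normalised Host name, or None if absent, duplicated or malformed."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = [line.split(":", 1)[1].strip()
             for line in head.split("\r\n")[1:]       # skip the request line
             if line.lower().startswith("host:")]
    if len(hosts) != 1:                               # missing or ambiguous Host
        return None
    name, _, port = hosts[0].partition(":")
    if port and not port.isdigit():
        return None
    # Case and a trailing dot do not change which site is meant.
    return name.rstrip(".").lower() or None


def route(raw: bytes):
    """Return (server, port) for a published host name, or None (default deny)."""
    host = host_from_request(raw)
    for set_name, names in DESTINATION_SETS.items():
        if host in names:
            return PUBLISHING_RULES[set_name]
    return None


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for h in ("xyz.com", "WEBMAIL.PQR.NET:80", "unlisted.example"):
        req = f"GET / HTTP/1.1\r\nHost: {h}\r\n\r\n".encode()
        print(h, "->", route(req))
```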