Configure Software and Hardware Firewall - HELP PLEASE!
Posted on 2007-10-11
I have a software firewall, which is a Kerio Winroute Firewall. It runs all my traffic rules for protection of the LAN (the LAN IP is 192.168.0.xxx). It also runs content filtering. The firewall runs on Windows Server 2003 SP2 and has 2 NICs.
I now need to host IPSec VPN tunnels to branch offices and also need to beef up my security at the HQ end.
I have a Netgear firewall - it's a FVS338 Prosafe firewall.
I want to configure the Netgear firewall to terminate the VPN tunnels (as the Kerio firewall can't do this), which will be initiated from remote offices (single users) using Draytek routers. BUT I want to keep my rules on the software firewall.
If I connect it all up, I guess this is how it would be:
Netgear firewall connects to the broadband modem - IP address is xxx.xxx.xxx.xxx (the Netgear firewall runs DHCP and is then the gateway for the interface connecting to it, i.e. the NIC from the software firewall).
My software firewall then connects to the Netgear firewall - IP address is 192.168.1.2, subnet is 255.255.255.0 (provided by DHCP).
As the server running the software firewall has 2 network cards, the second network card connects to the LAN - IP address 192.168.0.1, subnet 255.255.255.0 (gateway IP is blank).
The questions I now have are:
1. Will this setup work?
2. Will the VPN clients be able to access my LAN? (this is v. important)
3. I am basically using the hardware firewall to beef up security and forward all traffic to IP address 192.168.1.2 (which is the internet NIC for the software firewall).
Please help as I'm stuck and confused.
If you need any more info please do not hesitate to ask.
Many thanks for your help in advance.
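The following is an added illustration, not part of the original post or an answer from the forum: a small longest-prefix-match forwarding model of the double-firewall layout described above, used to check question 2 (whether traffic from a VPN client can reach the 192.168.0.0/24 LAN and get back). The Netgear LAN address 192.168.1.1 and the branch-office subnet 192.168.2.0/24 are assumptions; the post gives neither.

```python
import ipaddress

# Constructed model of the layout in the post. Values marked "assumed"
# are not in the post. A VPN tunnel is treated as a directly connected
# prefix on the Netgear, which is enough to test the routing question.
KERIO_WAN = "192.168.1.2"        # from the post
NETGEAR_LAN = "192.168.1.1"      # assumed: Netgear LAN/DHCP gateway address
REMOTE_LAN = "192.168.2.0/24"    # assumed: a branch-office subnet behind a Draytek
HQ_LAN = "192.168.0.0/24"        # from the post

def lookup(table, dst):
    """Longest-prefix match. Returns 'local' for a connected prefix, a router
    name for a forwarding entry, 'internet' for the default route, or None."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def reaches(routers, start, dst, max_hops=4):
    """Follow next hops from `start`. True only if dst lands on a connected
    interface; False if it leaks out the default route, has no route, or loops."""
    here = start
    for _ in range(max_hops):
        hop = lookup(routers[here], dst)
        if hop == "local":
            return True
        if hop not in routers:       # None or 'internet': packet never reaches the LAN
            return False
        here = hop
    return False

def build(netgear_static_route):
    """Routing tables for both boxes; the flag adds the static route the
    Netgear needs to know that 192.168.0.0/24 lives behind 192.168.1.2."""
    netgear = [("192.168.1.0/24", "local"), (REMOTE_LAN, "local"), ("0.0.0.0/0", "internet")]
    if netgear_static_route:
        netgear.append((HQ_LAN, "kerio"))
    # Kerio: both NICs connected, default gateway learned from Netgear DHCP
    kerio = [("192.168.1.0/24", "local"), (HQ_LAN, "local"), ("0.0.0.0/0", "netgear")]
    return {"netgear": netgear, "kerio": kerio}

if __name__ == "__main__":
    for flag in (False, True):
        r = build(flag)
        print(f"static route on Netgear={flag}: VPN->LAN {reaches(r, 'netgear', '192.168.0.50')}, "
              f"LAN->VPN {reaches(r, 'kerio', '192.168.2.10')}")
```

The model covers routing only; the Kerio traffic rules would still have to permit the branch-office subnet on the 192.168.1.2 interface for the traffic to pass.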