I have configured software firewalls on servers in the past, so I am not a complete newb on these issues.
I will shortly have a fancy hardware firewall/security product coming my way.
Since I have more servers than this thing has ports, I also have a fancy gigabit switch coming my way.
I have set up DNS, several domain controllers, and SQL Server databases. My plan is to have the DCs "behind" the firewall and several IIS servers serving traffic. It would be nice if I can set up VPN so that remote users could access the file store.
I need to know at a high level what I should be doing to configure
a) the firewall for the DCs
b) the firewall for the DNS now and later (the DNS currently is improperly combined with the DCs)
c) the IIS boxes.
If there are "gotchas" to watch out for please advise. If there are best practices or resources please advise. Our staff is extremely limited (me) and our budget is somewhat limited, so what we need to do needs to live in our real world vs. what I might ideally do with $30,000 more to spend.
Keep in mind that I am familiar with the concepts of port blocking. I am not familiar at all with "port forwarding," "tunnelling," and other things that will probably have to happen to make this all work. If you can define the basic concepts along the way I would very much appreciate it.
Thanks so much for your high-level guidance on how this should all fit.
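To illustrate the two concepts the question asks to have defined, here is a small added example (not part of the original post, and not any vendor's firewall syntax) that models a firewall as data: "port blocking" is an ordered allow/deny list over (source, destination, port) with a default deny, and "port forwarding" is a rewrite of a public address:port to an inside host before the rules are checked. The zones, addresses and the choice of which ports the DCs, DNS and IIS boxes expose are all constructed assumptions for the illustration; the point it shows is that the DCs stay reachable only from the internal network, the IIS boxes are reachable from anywhere on 80/443 only, and the DMZ can reach the internal network for name resolution alone.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed example network (assumption, not a real site): the zones behind the firewall.
INTERNAL = ip_network("10.0.0.0/24")    # assumed LAN: domain controllers, DNS, file store
DMZ = ip_network("10.0.1.0/24")         # assumed DMZ: the IIS boxes
PUBLIC_IP = ip_address("203.0.113.10")  # assumed public address (RFC 5737 documentation range)
WEB_SERVER = ip_address("10.0.1.20")    # assumed inside address of one IIS box

# Well-known ports used by the rules below.
HTTP, HTTPS, DNS, KERBEROS, LDAP, SMB = 80, 443, 53, 88, 389, 445


@dataclass(frozen=True)
class Rule:
    src: Optional[IPv4Network]   # None means "any source"
    dst: Optional[IPv4Network]   # None means "any destination"
    port: Optional[int]          # None means "any port"
    action: str                  # "allow" or "deny"

    def matches(self, src: IPv4Address, dst: IPv4Address, port: int) -> bool:
        return ((self.src is None or src in self.src)
                and (self.dst is None or dst in self.dst)
                and (self.port is None or port == self.port))


# Port blocking: an ordered list, first match wins, anything unmatched is denied.
RULES: List[Rule] = [
    Rule(None, DMZ, HTTP, "allow"),               # anyone may reach the web servers
    Rule(None, DMZ, HTTPS, "allow"),
    Rule(INTERNAL, INTERNAL, DNS, "allow"),       # internal clients query the internal DNS
    Rule(INTERNAL, INTERNAL, KERBEROS, "allow"),  # domain traffic stays inside the LAN
    Rule(INTERNAL, INTERNAL, LDAP, "allow"),
    Rule(INTERNAL, INTERNAL, SMB, "allow"),       # file store reachable from the LAN only
    Rule(DMZ, INTERNAL, DNS, "allow"),            # IIS boxes may resolve names, nothing else
]

# Port forwarding (destination NAT): public address:port -> inside host:port.
FORWARDS: Dict[Tuple[IPv4Address, int], Tuple[IPv4Address, int]] = {
    (PUBLIC_IP, HTTPS): (WEB_SERVER, HTTPS),
}


def forward(dst: IPv4Address, port: int) -> Tuple[IPv4Address, int]:
    """Rewrite the destination if a forward exists; otherwise leave it alone."""
    return FORWARDS.get((dst, port), (dst, port))


def evaluate(src: str, dst: str, port: int) -> Tuple[str, str, int]:
    """Return (action, final_dst, final_port) for one connection attempt."""
    s, d = ip_address(src), ip_address(dst)
    d, port = forward(d, port)          # forwarding is applied before filtering
    for rule in RULES:
        if rule.matches(s, d, port):
            return rule.action, str(d), port
    return "deny", str(d), port         # default deny: nothing unlisted gets through


if __name__ == "__main__":
    # Constructed connection attempts: internet -> public address, internet -> DC,
    # LAN client -> DC, and DMZ web server -> DC.
    for attempt in [("198.51.100.7", "203.0.113.10", HTTPS),
                    ("198.51.100.7", "10.0.0.5", SMB),
                    ("10.0.0.50", "10.0.0.5", KERBEROS),
                    ("10.0.1.20", "10.0.0.5", SMB)]:
        print(attempt, "->", evaluate(*attempt))
```

The ordering matters in practice exactly as it does here: the forward rewrites the destination first, so the allow rule for the DMZ is what admits the forwarded HTTPS connection, while an SMB attempt at the same public address has no forward and falls through to the default deny.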