Solved

Firewall behind a firewall

Posted on 2008-09-29
Last Modified: 2010-04-09
My network looks like this: ISP===RTR====FW++++switches-----LAN
I tried to put another firewall after the first on the same network, but it doesn't like the inside and outside interfaces on the same network. Any way around that other than adding another network?
0
Question by:jrri
5 Comments
 
LVL 18

Expert Comment

by:flyingsky
ID: 22600046
First of all, I am not sure why you need another firewall, unless you are talking about an application firewall (like MS ISA), which you can install on the server.
If you really need another firewall, you will have to add another software. Firewalls are usually layer 3 (and above) devices, which need to have different networks on each of their interfaces.
0
 
LVL 1

Author Comment

by:jrri
ID: 22600096
Both are hardware; the first is a FortiGate 60 and the second is a Cisco ASA5505.  The second one has some features the first doesn't, and I didn't have time to convert the config of the first to the second.  I'm a lone IT guy in a small business, so I'm OK at everything, but for time's sake didn't want to fumble through the conversion.  Also didn't want to rush it and leave some monster holes open or other bad things.
0
 
LVL 18

Accepted Solution

by:
flyingsky earned 1100 total points
ID: 22600118
Then you will have to put another network there (including the FortiGate 60's LAN interface and the Cisco's WAN interface).
0
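An added example, not part of the original thread or any poster's code: a small Python check of the constraint discussed here, run over the layout that was tried and over the accepted answer's layout with a separate network between the two firewalls. The interface names and all addresses are constructed for illustration; the thread gives none.

```python
import ipaddress
from itertools import combinations

def check_plan(devices, links):
    """Return a list of addressing problems for a chain of routed devices.

    devices: {device: {interface: "addr/prefix"}}
    links:   [((dev_a, if_a), (dev_b, if_b)), ...] directly connected pairs
    """
    problems = []
    ifaces = {d: {n: ipaddress.ip_interface(a) for n, a in i.items()}
              for d, i in devices.items()}
    # Rule 1: a layer 3 device needs a different network on each interface.
    for dev, ports in ifaces.items():
        for (n1, a1), (n2, a2) in combinations(sorted(ports.items()), 2):
            if a1.network.overlaps(a2.network):
                problems.append(
                    f"{dev}: {n1} and {n2} overlap ({a1.network}, {a2.network})")
    # Rule 2: both ends of a link must share one subnet, with distinct addresses.
    for (da, ia), (db, ib) in links:
        a, b = ifaces[da][ia], ifaces[db][ib]
        if a.network != b.network:
            problems.append(f"{da}.{ia} <-> {db}.{ib}: different subnets")
        elif a.ip == b.ip:
            problems.append(f"{da}.{ia} <-> {db}.{ib}: duplicate address {a.ip}")
    return problems

# Constructed addresses (RFC 1918 and documentation ranges).
LINKS = [(("fortigate", "lan"), ("asa", "outside"))]

# What was tried: the second firewall dropped into the existing LAN.
SAME_NET = {
    "fortigate": {"wan": "198.51.100.2/30", "lan": "192.168.1.1/24"},
    "asa": {"outside": "192.168.1.2/24", "inside": "192.168.1.3/24"},
}
# Accepted answer: a new network holding only the first firewall's LAN
# interface and the second firewall's outside (WAN) interface.
TRANSIT = {
    "fortigate": {"wan": "198.51.100.2/30", "lan": "10.255.0.1/30"},
    "asa": {"outside": "10.255.0.2/30", "inside": "192.168.1.1/24"},
}

if __name__ == "__main__":
    for name, plan in (("same network", SAME_NET), ("transit network", TRANSIT)):
        print(name, "->", check_plan(plan, LINKS) or "ok")
```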
 
LVL 12

Assisted Solution

by:Pugglewuggle
Pugglewuggle earned 300 total points
ID: 22600225
Yes, another network must exist.
Try when at all possible to avoid having stacked firewalls - it can cause some serious issues later on. The best thing to do is to have a unified security platform that handles everything. It will save you lots of trouble and is more secure because that one platform can identify attacks and shut them down because it sees something funny happening on two different levels, whereas two separate devices may not see the attack at all.
More is not always better for security. This is an area where "less is more" often applies.
I highly recommend the Cisco ASA series if you can get one.
0
 
LVL 1

Author Comment

by:jrri
ID: 22603981
I kinda thought I'd either have to add another network, which isn't all bad, or replace the existing device, but I figured I'd ask.
0
