Solved

Firewall behind a firewall

Posted on 2008-09-29
Last Modified: 2010-04-09
My network looks like this: ISP===RTR====FW++++switches-----LAN
I tried to put another firewall after the first on the same network, but it doesn't like the inside and outside interface on the same network. Any way around that other than adding another network?
Question by:jrri
 
LVL 18

Expert Comment

by:flyingsky
ID: 22600046
First of all, I am not sure why you need another firewall, unless you are talking about an application firewall (like MS ISA), which you can install on the server.
If you really need another firewall, you will have to add another software. Firewalls are usually layer 3 (and above) devices, which need to have different networks on each of their interfaces.
0
 
LVL 1

Author Comment

by:jrri
ID: 22600096
Both are hardware; the first is a Fortigate 60 and the second is a Cisco ASA5505.  The second one has some features the first doesn't and I didn't have time to convert the config of the first to the second.  I'm a lone IT guy in a small business so I'm OK at everything, but for time's sake didn't want to fumble through the conversion.  Also didn't want to rush it and leave some monster holes open or other bad things.
0
 
LVL 18

Accepted Solution

by:
flyingsky earned 275 total points
ID: 22600118
Then you will have to put another network there (including the Fortigate 60's LAN interface and the Cisco's WAN interface).
0
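The addressing rule from the answers above (a routed firewall needs a different network on each interface, and the link between two stacked firewalls is its own network) can be checked before cabling anything. This is an added example, not part of the original thread; the function name `check_chain`, the device labels and every address are constructed for illustration.

```python
import ipaddress

def check_chain(firewalls):
    """Validate a chain of routed (layer 3) firewalls, listed from the ISP side inward.

    Each entry is (name, outside_cidr, inside_cidr).
    Returns a list of problem strings; an empty list means the plan is consistent.
    """
    problems = []
    parsed = [(name, ipaddress.ip_interface(out), ipaddress.ip_interface(ins))
              for name, out, ins in firewalls]

    for name, outside, inside in parsed:
        # A routed firewall cannot have the same network on both sides.
        if outside.network.overlaps(inside.network):
            problems.append(
                f"{name}: outside {outside.network} overlaps inside {inside.network}")

    for (up, _, up_in), (down, down_out, _) in zip(parsed, parsed[1:]):
        # Upstream inside and downstream outside must share one transit network,
        # each with its own address on it.
        if up_in.network != down_out.network:
            problems.append(
                f"{up} inside {up_in.network} and {down} outside "
                f"{down_out.network} are not one transit network")
        elif up_in.ip == down_out.ip:
            problems.append(f"{up} and {down} both use {up_in.ip}")
    return problems

# Constructed sample plans (documentation and private address ranges).
# BEFORE: second firewall dropped into the existing LAN, both sides on 192.168.1.0/24.
BEFORE = [("Fortigate60", "203.0.113.2/30", "192.168.1.1/24"),
          ("ASA5505", "192.168.1.2/24", "192.168.1.3/24")]
# AFTER: 192.168.1.0/24 becomes the transit link, the LAN moves to a new network.
AFTER = [("Fortigate60", "203.0.113.2/30", "192.168.1.1/24"),
         ("ASA5505", "192.168.1.2/24", "192.168.2.1/24")]

if __name__ == "__main__":
    for label, plan in (("before", BEFORE), ("after", AFTER)):
        print(label, check_chain(plan) or "ok")
```
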
 
LVL 12

Assisted Solution

by:Pugglewuggle
Pugglewuggle earned 75 total points
ID: 22600225
Yes, another network must exist.
Try when at all possible to avoid having stacked firewalls - it can cause some serious issues later on. The best thing to do is to have a unified security platform that handles everything. It will save you lots of trouble and is more secure because that one platform can identify attacks and shut them down because it sees something funny happening on two different levels, whereas two separate devices may not see the attack at all.
More is not always better for security. This is an area where "less is more" often applies.
I highly recommend the Cisco ASA series if you can get one.
0
 
LVL 1

Author Comment

by:jrri
ID: 22603981
I kinda thought I'd either have to add another network, which isn't all bad, or replace the existing device, but I figured I'd ask.
0
