Solved

Firewall behind a firewall

Posted on 2008-09-29
5
199 Views
Last Modified: 2010-04-09
My network looks like this  ISP===RTR====FW++++switches-----LAN
I tried to put another firewall after the first on the same network but it doesn't like the inside and outside interface on the same network, any way around that other than adding another network?
0
Comment
Question by:jrri
  • 2
  • 2
5 Comments
 
LVL 18

Expert Comment

by:flyingsky
Comment Utility
first of all, I am not sure why you need another firewall, unless you are talking about application firewall (like MS ISA), which you can install on the server.
If you really need another firewall, you will have to add another software. Firewall are usually layer3 (and above) device, which needs to have different networks on it's each interface.
0
 
LVL 1

Author Comment

by:jrri
Comment Utility
Both are hardware, first is a Fotigate 60 and the second is a Cisco ASA5505.  The second one has some features the first doesn't and I didn't have time to convert the config of the first to the second.  I'm a lone IT guy in a small business so I'm OK at everything but for time sake didn't want to fumble through the conversion.  Also didn't want to rush it and leave some monster holes open or other bad things.
0
 
LVL 18

Accepted Solution

by:
flyingsky earned 275 total points
Comment Utility
Then you will have to put another network there (include Fotigate 60's LAN interface and Cisco's WAN interface)
0
 
LVL 12

Assisted Solution

by:Pugglewuggle
Pugglewuggle earned 75 total points
Comment Utility
Yes, another network must exist.
Try when at all possible to avoid having stacked firewalls - it can cause some serious issues later on. The best thing to do is to have a unified security platform that handles everything. It will save you lots of trouble and is more secure because that one platform can identify attacks and shut them down because it sees something funny happening on two different levels, where as two seperate devices may not see the attack at all.
More is not always better for security. This is an area where "less is more" often applies.
I highly recommend the Cisco ASA series if you can get one.
0
 
LVL 1

Author Comment

by:jrri
Comment Utility
I kinda thought I'd either have to add another network which isn't all bad or replace the existing device but I figured I'd ask
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now