?
Solved

Firewall behind a firewall

Posted on 2008-09-29
5
Medium Priority
?
211 Views
Last Modified: 2010-04-09
My network looks like this  ISP===RTR====FW++++switches-----LAN
I tried to put another firewall after the first on the same network but it doesn't like the inside and outside interface on the same network, any way around that other than adding another network?
0
Comment
Question by:jrri
  • 2
  • 2
5 Comments
 
LVL 18

Expert Comment

by:flyingsky
ID: 22600046
first of all, I am not sure why you need another firewall, unless you are talking about application firewall (like MS ISA), which you can install on the server.
If you really need another firewall, you will have to add another software. Firewall are usually layer3 (and above) device, which needs to have different networks on it's each interface.
0
 
LVL 1

Author Comment

by:jrri
ID: 22600096
Both are hardware, first is a Fotigate 60 and the second is a Cisco ASA5505.  The second one has some features the first doesn't and I didn't have time to convert the config of the first to the second.  I'm a lone IT guy in a small business so I'm OK at everything but for time sake didn't want to fumble through the conversion.  Also didn't want to rush it and leave some monster holes open or other bad things.
0
 
LVL 18

Accepted Solution

by:
flyingsky earned 1100 total points
ID: 22600118
Then you will have to put another network there (include Fotigate 60's LAN interface and Cisco's WAN interface)
0
 
LVL 12

Assisted Solution

by:Pugglewuggle
Pugglewuggle earned 300 total points
ID: 22600225
Yes, another network must exist.
Try when at all possible to avoid having stacked firewalls - it can cause some serious issues later on. The best thing to do is to have a unified security platform that handles everything. It will save you lots of trouble and is more secure because that one platform can identify attacks and shut them down because it sees something funny happening on two different levels, where as two seperate devices may not see the attack at all.
More is not always better for security. This is an area where "less is more" often applies.
I highly recommend the Cisco ASA series if you can get one.
0
 
LVL 1

Author Comment

by:jrri
ID: 22603981
I kinda thought I'd either have to add another network which isn't all bad or replace the existing device but I figured I'd ask
0

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Integration Management Part 2
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question