Solved

Firewall behind a firewall

Posted on 2008-09-29
5
206 Views
Last Modified: 2010-04-09
My network looks like this  ISP===RTR====FW++++switches-----LAN
I tried to put another firewall after the first on the same network but it doesn't like the inside and outside interface on the same network, any way around that other than adding another network?
0
Comment
Question by:jrri
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 18

Expert Comment

by:flyingsky
ID: 22600046
first of all, I am not sure why you need another firewall, unless you are talking about application firewall (like MS ISA), which you can install on the server.
If you really need another firewall, you will have to add another software. Firewall are usually layer3 (and above) device, which needs to have different networks on it's each interface.
0
 
LVL 1

Author Comment

by:jrri
ID: 22600096
Both are hardware, first is a Fotigate 60 and the second is a Cisco ASA5505.  The second one has some features the first doesn't and I didn't have time to convert the config of the first to the second.  I'm a lone IT guy in a small business so I'm OK at everything but for time sake didn't want to fumble through the conversion.  Also didn't want to rush it and leave some monster holes open or other bad things.
0
 
LVL 18

Accepted Solution

by:
flyingsky earned 275 total points
ID: 22600118
Then you will have to put another network there (include Fotigate 60's LAN interface and Cisco's WAN interface)
0
 
LVL 12

Assisted Solution

by:Pugglewuggle
Pugglewuggle earned 75 total points
ID: 22600225
Yes, another network must exist.
Try when at all possible to avoid having stacked firewalls - it can cause some serious issues later on. The best thing to do is to have a unified security platform that handles everything. It will save you lots of trouble and is more secure because that one platform can identify attacks and shut them down because it sees something funny happening on two different levels, where as two seperate devices may not see the attack at all.
More is not always better for security. This is an area where "less is more" often applies.
I highly recommend the Cisco ASA series if you can get one.
0
 
LVL 1

Author Comment

by:jrri
ID: 22603981
I kinda thought I'd either have to add another network which isn't all bad or replace the existing device but I figured I'd ask
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: rfc1180
The Maximum Segment size (MSS) is an important consideration when troubleshooting connectivity via the Internet/Intranet. As the packets are routed via the Internet/Intranet, the packets must traverse through multiple routers in the path between two…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question