Network Design

Regarding to your question, if you could provide a network topology diagram it would help us understand bout your question more. For now I guess that you would have to worry more about the authentication server/part of your network more than the firewall. As RDP heavily utilizes an authentication server, you would have to make sure that your "ports" are properly configured to allow the necessary traffic both inbound and outbound within the LAN. Are you planning to place 1 or 2 firewalls? And I recommend Cisco products instead cause they are always easier to configure.

--------------------------------------

Please award helpful / correct if this post has helped

By: Another VMware newbie, VMthinker

Hi Zolf,

The local users won't have any issues as they will connect directly to the servers without any firewall in between. For the external users, you will need to setup port forwarding/NAT(Network Address Translation) on the Firewall to your internal servers so when a user sends request to RDP from outside your network, it will first hit the firewall and than forwarded to relevant server depending on the NAT. Hope this helps.

Regards.

here is the diagram of my network and were i am planning to place the firewall
Kaizen-Network-2.jpg

VMthinker:

>>would have to make sure that your "ports" are properly configured to allow the necessary traffic
can you please tell me what ports i need to shut and open

>>Are you planning to place 1 or 2 firewalls?
1 firewall

>>And I recommend Cisco products instead cause they are always easier to configure.
can you suggest some

h4himanshu:
>>you will need to setup port forwarding/NAT(Network Address Translation) on the Firewall to
can you please refer to me some tutorial.i am not expert in this

ujitnos:
>>its recommended to provide the external users access to only the application and not RDP.
yes when they RDP only the application opens for them. i have taken care of this issue.

>>If you access the application via a client installed on  laptop or destop, its recommended to allow specific ports to your application.
how do i do this.can you please tell me

>>All users will RDP to the server and not to the firewall.
will this work,since the firewall is between the internet and the AS

>> I would personally reconmmend you to avoid RDP, if specific application based ports can be allowed for internal/external access.

till i switch my application to web based application,i am forced to let the company work with the RDP

Well for more on the port numbers I suggest you read up on this http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers. Not only do you need to allow RDP ports but you would also need to allow normal ports like port 80 "http" and such for user access.

As for the firewall, may I suggest that you place 1 each for your servers and the one that you have planned? As your network model suggest that you may have multiple problems with only 1 firewall guarding the entire network.

If you are looking for a mid range enterprise version, may I suggest the Cisco ASA firewall series? I also suggest that you add some router devices to your network for more overall sturdy control.

I also find your network topology a bit flawed due to vast amount of switches involved. May I suggest using only 2 Cisco switches with a cisco router to perform router on stick and inter VLAN communication? This is to reduce the risk of your network device with security vulnerabilities.

VMthinker:

thanks for your comments.
can you please tell me in my network design were i need to place the switches and router and what switch model and firewall i should go for. please help me to redesign my network more professionally.

thanks