I have a new client that is a state historical society museum.The Firebox is running Fireware v.9.0, which I know is quite out of date, but I'm a little leery of updating it at this point, since it's a rather old router to begin with. Maybe someone has some advice about that as well as my main question below. I'm relatively new to working with this hardware, and I'm working with the following configuration:
Network #1 - internal "Trusted" network, subnet 10.10.10.1/24
Network #2 - Optional network, subnet 10.0.2.1/24
Network #3 - Optional network, subnet 10.0.3.1/24
Network #2 contains several workstations in the museum's library that are used by the public to access the Internet and the webservers that are going to be on Network #3. Network #3 will contain 2 web servers (not yet in use) that house the museum's library catalog and collections databases.
What I'm trying to figure out is how to enable routing between Network #1 and Network #3 so that I can open some ports from the internal, trusted network to the web servers for the purposes of management of the web applications running on those servers and updating data. The data on these two servers needs to be updated on a fairly regular basis. My goal is to be able to open the required ports internally only between Network #1 and Network #3 without exposing them to the Internet.
I thought that this should be pretty simple by adding filters to specify opening the required ports between the Trusted Network and Optional Network #3. But rather than experimenting using the documentation I have and my own knowledge of routing, I thought I'd check here first to see if someone can give me some easy and direct method that they know will work, and/or confirm that I'm on the right track.