RE: Pros and against using Multiple firewalls in a network running on Win2k Advanced server.(repost.. Previous post was missing the subject line)

From: Fernando Cardoso (fernando.cardoso@whatevernet.com)
Date: 09/26/01

• Previous message: Alderson, John: "RE: Windows Update"
• In reply to: Jorge Roxo: "Pros and against using Multiple firewalls in a network running on Win2k Advanced server.(repost.. Previous post was missing the subject line)"
• Next in thread: António: "Re: Pros and against using Multiple firewalls in a network running on Win2k Advanced server.(repost.. Previous post was missing the subject line)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Fernando Cardoso" <fernando.cardoso@whatevernet.com>
To: <focus-ms@securityfocus.com>
Subject: RE: Pros and against using Multiple firewalls in a network running on Win2k Advanced server.(repost.. Previous post was missing the subject line)
Date: Wed, 26 Sep 2001 17:19:49 +0100
Message-ID: <NLEALDDOMLPPILFMEEJAAENBCHAA.fernando.cardoso@whatevernet.com>

Ola´ Jorge

I'm not sure if I fully understand the question, but you are thinking in
personal firewalls for the servers, right? From what you described, the best
solution might be the creation of a dedicated server network and putting a
firewall as a gateway. You can add a NIC to that box, make it your default
gateway and filter the access from/to the internal networks to the servers
and Internet.

But maybe I'm being too simplistic...

Um abraco

Fernando

--
Fernando Cardoso - Security Consultant       WhatEverNet Computing, S.A.
Phone : +351 21 7994200                      Praca de Alvalade, 6 - Piso 6
Fax   : +351 21 7994242                      1700-036 Lisboa - Portugal
email : fernando.cardoso@whatevernet.com     http://www.whatevernet.com/
>
> We are considering using a multiple installation of firewalls in all our
> servers. All servers are Windows 2000 Advanced Server with no IIS as we
> have no website or web services other than Internet access and e-mail.
> Both Internet and e-mail are accessed via a separate proxy server
> running Linux Red Hat 6.1, and it is necessary for the user to
> authenticate him/herself before any e-mail or web access is done. The
> idea is to establish firewalls between all our servers inside our LAN,
> so all traffic inside the network is filtered by the firewalls, and also
> as we have several domains, to try and stem the spreading of virus
> inside the network ( beside the fact that all pcs have AV and its daily
> updated ) by filtering the traffic at the Servers using the firewalls
> and the AV.
>
> The question are:
>
> We know it may affect performance inside the network, but…
>
> - Will it slow the network too much? (we are talking about 80 computers
> and 4 servers plus the proxy
>   server itself, so all told 5 servers)
>
> - Is this possible to implement beside the normal confidence policies?
>
> - Has anyone used this tactic before?
>
> - What could be/are there any more good/bad sides to this idea?
>
> - What firewall would be best? Zone Alarm? Black Ice? Wingate? TPF?
>
> Many thanks for all help and comments.
>
> Jorge Roxo,
>
> TCSA/Sotagus Computer Systems Administrator.
>
>
_____________________________________________________________________
                      INTERNET MAIL FOOTER 
A presente mensagem pode conter informação considerada confidencial.
Se o receptor desta mensagem não for o destinatário indicado, fica
expressamente proibido de copiar ou endereçar a mensagem a terceiros.
Em tal situação, o receptor deverá destruir a presente mensagem e por
gentileza informar o emissor de tal facto.
---------------------------------------------------------------------
Privileged or confidential information may be contained in this
message. If you are not the addressee indicated in this message, you
may not copy or deliver this message to anyone. In such case, you
should destroy this message and kindly notify the sender by reply
email.
---------------------------------------------------------------------

---

• Previous message: Alderson, John: "RE: Windows Update"
• In reply to: Jorge Roxo: "Pros and against using Multiple firewalls in a network running on Win2k Advanced server.(repost.. Previous post was missing the subject line)"
• Next in thread: António: "Re: Pros and against using Multiple firewalls in a network running on Win2k Advanced server.(repost.. Previous post was missing the subject line)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: VPN equals slow network folder access ... primary and secondary WINS servers are the same as the DNS servers. ... At home the VPN has a fixed 10.0.xx.xx address. ... Pressing F5 in My Network Places ... Likewise Internet Explorer ... (microsoft.public.windowsxp.work_remotely) Re: Fine for 3 years - then Internal Network unavailable ... Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net ... I have two windows 2k servers running IIS and two windows 2k servers running ... All servers have dual network cards. ... ensure that the database servers cannot be seen from the internet and also ... (microsoft.public.win2000.networking) Re: Can not see my own websites after setting up routing ... Now I have to setup two servers as my external DNS servers (ns1.thenoc.us ... Networking, Internet, Routing, VPN Troubleshooting on ... This issues seems to only happen on my internal network. ... (microsoft.public.win2000.ras_routing) Re: Windows client - internet connection sharing ... >> ADSL line to provide internet access via LAN to a ... > This is all about how you interface your FreeBSD ... > servers and so forth. ... This enables you to set up a 'DMZ' network, ... (freebsd-questions) Re: Windows client - internet connection sharing ... or USB port on your FreeBSD box. ... This enables you to set up a 'DMZ' network, ... instance have several servers visible on the Internet. ... (freebsd-questions)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)