Re: Firewall that will handle 2 ISP's and a DMZ

From: Fokko (f.drenthnospam_at_nospamhccnet.nl)
Date: 07/24/03


Date: Thu, 24 Jul 2003 22:41:33 +0200

It depends on the type of firewall you are using.
Cisco, NetScreen and Check Point can do this.
It's a routing issue in combination with the correct rule set, and you
need a firewall with 3 or more interfaces.

Please note that incoming web traffic (website) is going to be a
problem, because of DNS issues with two ISPs.

ITguy_uk wrote:
> Could anyone suggest a firewall or has experience of a firewall that
> will do the following:
>
> 1. Handle two separate connections to an ISP (through Broadband
> router/modem)
>
>                           |------ISP 1 ----ADSL ROUTER----INET
>                           |
> Internal Net---FIREWALL---|
>                           |
>                           |------ISP 2 -----ADSL ROUTER----INET
>
> 2. Provide full DMZ functionality, by this I mean a DMZ that:
>
> That allows a server to be placed outside the internal network's
> firewall but inside a less secure external firewall and not using NAT
> to funnel external traffic to the server on the internal network. (see
> below)
>
>                  |-----ISP 1----ADSL ROUTER-----INET
>                  |
> Int Net--FIREWALL|
>                  |
>                  |-----DMZ WEB SERVER---FIREWALL---ISP 2---ADSL ROUTER-----INET
>
> I know this can be done with two firewalls, but I would like to be
> able to use a single box to provide a DMZ, almost like two virtual
> firewalls within one box, one for external DMZ and other for internal
> network.
>
> This is so that we can provide non essential internet access on one
> internet connection and use the other connection for hosting of a web
> server within a DMZ. This is so that the non-essential traffic does
> not affect the essential traffic to the hosted web server and the
> webserver is protected to some extent by the external firewall but
> isolated from the internal network.
>
> 3. Handle approx 40-50 users outgoing for HTTP, FTP, DNS and 40-50
> HTTPS, HTTP, custom services incoming to webserver within DMZ
>
> Any suggestions or experience of firewalls with this functionality
> would be appreciated.
>
> thanks in advance


