Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

2006 and DMZ's

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> DMZ >> 2006 and DMZ's Page: [1]
Login
Message << Older Topic   Newer Topic >>
2006 and DMZ's - 21.Feb.2007 12:07:10 PM   
clarkeyi

 

Posts: 22
Joined: 11.Jan.2007
Status: offline 		Hello
I have a question on DMZ's/Web Publishing

My ISA array is hosted in a DMZ(1) off a Checkpoint FW the ISA servers have 3 NICs, 1 internal and external. the other one is inter-array.  I have another DMZ(2) configured off my Checkpoint FW which host web servers which I would like to publish internally and externally.
                
            10.40.1.x ISA (DMZ1)
                         |
Internet--------CP----------------LAN  
                         |
            10.40.2.x Web Servers (DMZ2)

My questions are:
1. Should I set up a new network with a rule to allow traffic from ISA (Internal) to DMZ2.  Source:Internal, Destination:DMZ2, ROUTE

2. I have put in place some web publishing rules for internal and external access to the web servers in DMZ2.  Is it possible that a client whether internal or external will see ISA before hitting the web server. I am asking as I am not sure if CP will just direct the traffic straight to DMZ2 and bypass the web publishing rules?

Thanks
Post #: 1
RE: 2006 and DMZ's - 5.Mar.2007 12:44:46 PM   
tshinder

 

Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: online 		Two options here:

1. Make the ISA Firewall a parallel edge Firewall with the Check Point server, and then create a trihomed DMZ on the ISA Firewall to publish the Web servers.

2. Make the ISA Firewall a back-end Firewall behind the Check Point server, and then create a trihomed DMZ on the ISA Firewall and put the Web servers on the DMZ

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to clarkeyi)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> DMZ >> 2006 and DMZ's Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts