We currently have a 3-legged template setup using 3 NICs - internal, external and Perimeter (DMZ).
The web server is on the DMZ.
I want to use the existing 3-legged setup I have at the minute with external clients coming in to our web server on the DMZ. Without changing this, using a 2nd ISA SE firewall I would like to create an additional layer of security between the web server and an application server then into our internal network.
Ideally, I require a three tier environment disrupting as little as possible of our current setup.
Can I continue with our existing setup, keeping the web server on the original DMZ, add the additional ISA SE Firewall (with 3 NICs) and create its own DMZ for the application server? Then connect the two using publishing rules?
Is this possible or will I need to use the back-to-back DMZ scenario and have both app and web server on the same DMZ?
Also, one of my ISA servers is 2004 and one is 2006. Is this advisable?
I'm really new to ISA so I hope this makes sense.
Many thanks, Kate
< Message edited by kateh -- 30.Jan.2008 11:03:45 AM >
I see what you're getting at. The second ISA Firewall would be behind the DMZ, with an interface in the DMZ and an interface on the Internal Network. However, this really isn't required, since your current ISA Firewall is separating the DMZ from the Internal Network.
However, if your application server is not on the Internal Network, that's a different story. Please confirm.
Yes, this is it exactly. The current ISA Firewall is separating the DMZ from the Internal Network with the web server on the DMZ being accessed from external clients.
Unfortunately, my application server isn't on any of our networks yet. I don't want it to go on the Internal Network but want to add it on to a DMZ of its own using the 2nd ISA Firewall but trying to slot it in with the current setup.
I'm also not sure whether my current ISA 2004 will play happily with the new ISA 2006 if I have it in a back-to-back DMZ.