Welcome to ISAserver.org
Still confused: Need some help on a DMZ question
Still confused: Need some help on a DMZ question - 11.Oct.2005 8:02:00 PM
thecoffeeguy
Posts: 165
Joined: 28.Aug.2005
Status: offline
I have been thinking about my setup for most of the day today, trying to figure out how to do this and to be honest, I haven't a clue at this point.
Info:
-Exterior Firewall: Watchguard x1000 (3 interfaces: WAN, LAN, DMZ)
-Interior FW: ISA Server 2004 (2 interfaces: External and internal)
Ok. Try to do some diagramming here:
internet --> Watchguard -->switch (192.168.1.0/24) -->ISA 2004 (EXT nic, 192.168.1.2) -->ISA INT Nic (192.168.100.1) -->switch (192.168.100/24) -->trusted network
Now, I've tested this and it works great for allowing my internal clients access to the internet, but I'm really starting to wonder if I need one more NIC for a DMZ and here is why.
Currently, on my setup, I have this:
-Watchguard with two setups
-------Trusted: 192.168.1.0/24
-------DMZ: 10.0.1.0/24
Incoming mail gets routed to the DMZ, which hits the mailscrubber and defangs viruses, spam, etc. Once it's cleaned, it is then forwarded on to our mail server in our trusted network (via a rule in the Watchguard firewall).
Does that make sense?
I don't know if what I am trying to accomplish (getting the mailgateway server on the DMZ, 10.0.1.0/24, routed back into the trusted network) without a third NIC.
Anyone have suggestions on this?
Thanks,
Jason
RE: Still confused: Need some help on a DMZ question - 12.Oct.2005 6:00:00 AM
rosscoid
Posts: 15
Joined: 1.Oct.2004
From: Buckinghamshire, UK
Status: offline
quote: I don't know if what I am trying to accomplish...
No, neither do I, I'm confused by your reference to a 3rd NIC - where do you want to put this 3rd NIC and what will it connect to?
Your topology sounds common enough, and what you are trying to achieve with your mail routing sounds good. I don't think you need any more NICs just routes on the WatchGuard and ISA server so that mail is correctly routed.
Are there any devices (servers, etc) between the WatchGuard and the ISA? If not, this 'space' could be used as your DMZ instead of having a DMZ hanging off a 3rd interface on your WatchGuard, just a thought.
RE: Still confused: Need some help on a DMZ question - 12.Oct.2005 1:21:00 PM
thecoffeeguy
Posts: 165
Joined: 28.Aug.2005
Status: offline
quote: Originally posted by rosscoid: No, neither do I, I'm confused by your reference to a 3rd NIC - where do you want to put this 3rd NIC and what will it connect to?
I guess I wasn't sure if I needed a 3rd NIC specifically for the DMZ portion.
quote:
Your topology sounds common enough, and what you are trying to achieve with your mail routing sounds good. I don't think you need any more NICs just routes on the WatchGuard and ISA server so that mail is correctly routed.
It may be that all I need to do is set up routes and rules on the Watchguard and ISA server. Wasn't sure so I thought I'd ask.
quote:
Are there any devices (servers, etc) between the WatchGuard and the ISA? If not, this 'space' could be used as your DMZ instead of having a DMZ hanging off a 3rd interface on your WatchGuard, just a thought.
No servers, just a switch.