Still confused: Need some help on a DMZ question

Still confused: Need some help on a DMZ question - 11.Oct.2005 8:02:00 PM   
thecoffeeguy

 

Posts: 165
Joined: 28.Aug.2005
Status: offline
I have been thinking about my setup for most of the day today, trying to figure out how to do this and to be honest, I haven't a clue at this point.

Info:

-Exterior Firewall: Watchguard x1000 (3 interfaces: WAN, LAN, DMZ)
-Interior FW: ISA Server 2004 (2 interfaces: External and internal)

Ok. Try to do some diagramming here:

internet --> Watchguard -->switch (192.168.1.0/24) -->ISA 2004 (EXT nic, 192.168.1.2) -->ISA INT Nic (192.168.100.1) -->switch (192.168.100/24) -->trusted network

Now, I've tested this and it works great for allowing my internal clients access to the internet, but I'm really starting to wonder if I need one more NIC for a DMZ and here is why.

Currently, on my setup, I have this:
-Watchguard with two setups
-------Trusted: 192.168.1.0/24
-------DMZ: 10.0.1.0/24

Incoming mail gets routed to the DMZ, which hits the mailscrubber and defangs viruses, spam, etc. Once it's cleaned, it is then forwarded on to our mail server in our trusted network (via a rule in the Watchguard firewall).

Does that make sense?

I don't know if what I am trying to accomplish (getting the mailgateway server on the DMZ, 10.0.1.0/24, routed back into the trusted network) without a third NIC.

Anyone have suggestions on this?

Thanks,

Jason
Post #: 1
RE: Still confused: Need some help on a DMZ question - 12.Oct.2005 6:00:00 AM   
rosscoid

 

Posts: 15
Joined: 1.Oct.2004
From: Reading, UK
Status: offline
quote:
I don't know if what I am trying to accomplish...
No, neither do I, I'm confused by your reference to a 3rd NIC - where do you want to put this 3rd NIC and what will it connect to?

Your topology sounds common enough, and what you are trying to achieve with your mail routing sounds good. I don't think you need any more NICs, just routes on the WatchGuard and ISA server so that mail is correctly routed.

Are there any devices (servers, etc) between the WatchGuard and the ISA? If not, this 'space' could be used as your DMZ instead of having a DMZ hanging off a 3rd interface on your WatchGuard, just a thought.

(in reply to thecoffeeguy)
Post #: 2
RE: Still confused: Need some help on a DMZ question - 12.Oct.2005 1:21:00 PM   
thecoffeeguy

 

Posts: 165
Joined: 28.Aug.2005
Status: offline
quote:
Originally posted by rosscoid:
No, neither do I, I'm confused by your reference to a 3rd NIC - where do you want to put this 3rd NIC and what will it connect to?

I guess I wasn't sure if I needed a 3rd NIC specifically for the DMZ portion.

quote:

Your topology sounds common enough, and what you are trying to achieve with your mail routing sounds good. I don't think you need any more NICs, just routes on the WatchGuard and ISA server so that mail is correctly routed.

It may be that all I need to do is set up routes and rules on the Watchguard and ISA server. Wasn't sure so I thought I'd ask.

quote:

Are there any devices (servers, etc) between the WatchGuard and the ISA? If not, this 'space' could be used as your DMZ instead of having a DMZ hanging off a 3rd interface on your WatchGuard, just a thought.

No servers, just a switch.

(in reply to thecoffeeguy)
Post #: 3
