Why Two NICs for Firewall?



big_dazza -> Why Two NICs for Firewall? (31.Mar.2005 3:49:00 PM)

Tom,

Could you tell me the reasons why ISA in FW/Integrated mode requires two NICs? What is the thinking behind it? Apologies for my ignorance, and thanks.




tshinder -> RE: Why Two NICs for Firewall? (4.Apr.2005 12:01:00 PM)

Hi BD,

The point is that a firewall needs two or more NICs for either physical or logical segmentation. If you don't have two NICs, it is very simple to bypass the firewall since the hosts can change their gateway address to bypass the ISA firewall.

You can logically segment the network using VLAN tagging. That creates multiple virtual NICs using a single physical NIC. Not as secure as physical segmentation, but better than a single-NIC deployment.

HTH,
Tom
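
The segmentation point in the reply above can be checked as a reachability question: is there any path from an internal host to the outside that does not transit the firewall? The following is an added example, not part of the original thread; the topologies are constructed, and all device and segment names (`pc1`, `isa`, `edge-router`, `lan`, `perimeter`, `wan`) are hypothetical. A VLAN counts as a segment here on the assumption that the switch enforces the tagging.

```python
from collections import deque

def bypass_path(segments, forwarders, firewall, src, dst):
    """Return a path src -> dst that never transits `firewall`, or None.

    segments:   segment name -> set of devices attached to that LAN or VLAN
    forwarders: devices that pass traffic between segments (routers, firewalls)
    """
    # Devices sharing a segment can address each other directly.
    neighbours = {}
    for members in segments.values():
        for dev in members:
            neighbours.setdefault(dev, set()).update(members - {dev})

    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        here = path[-1]
        if here == dst:
            return path
        # Ordinary hosts do not forward; only the source and routers go on.
        if here != src and here not in forwarders:
            continue
        for nxt in sorted(neighbours.get(here, ())):
            if nxt != firewall and nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

FORWARDERS = {"isa", "edge-router"}

# Constructed: single-NIC firewall shares one segment with hosts and router.
SINGLE_NIC = {
    "lan": {"pc1", "isa", "edge-router"},
    "wan": {"edge-router", "internet"},
}

# Constructed: dual-NIC firewall is the only device on both segments.
DUAL_NIC = {
    "lan": {"pc1", "isa"},
    "perimeter": {"isa", "edge-router"},
    "wan": {"edge-router", "internet"},
}

if __name__ == "__main__":
    for name, topo in (("single-NIC", SINGLE_NIC), ("dual-NIC", DUAL_NIC)):
        path = bypass_path(topo, FORWARDERS, "isa", "pc1", "internet")
        print(name, "bypass:", " -> ".join(path) if path else "none")
```

A non-empty result means the firewall is advisory rather than enforcing: any host on that segment reaches the outside as soon as its gateway points at the router.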



