
Need help w/ RAS/Firewall

CplHicks

Senior member
Hello all. I need some advice on how to set up computers in the following way. I've got 3 free external IP addresses and I want to set up computers in the following way:

Computer A: This computer would be running as a remote access server as well as a firewall (possible?). It would also be running a web acceleration server.

Computer B: IIS server

Right now I just put both computers out on the Internet outside of our company's internal network/firewall. However I'd like to have them be a little more secure but still be able to access them. Would setting up a Linux box as the router/firewall be best? (with this configuration I'd have to put two boxes behind it that'd be accessible). Or can I just go with the two box setup?

We've got a Sonicwall firewall for our internal network, is it possible to use its DMZ solutions to create something of an external but somewhat protected network?

Any help is much appreciated, thanks.
 
You usually want to put a remote access server behind your firewall, unless you're going to use it in a limited sense or just use it for a modem server and have people VPN into the SonicWall across the modems. Otherwise, there's no need to add the load (and the latency) of the firewall if people are just going to be accessing the entire internal network. It's a security risk too. A rule that says "Permit the modems to access everything internal" on the firewall could be taken advantage of by a hacker.

For a web accelerator (Usually a proxy or something) again it makes sense to put it inside. You're just getting web pages from the Internet and really not doing anything IN from the Internet to it. If it's caching web pages, there's no sense to go out through the firewall to get it.

In short - Unless it's going to be accessed FROM the Internet (like a webserver or FTP server) you don't need to put it outside the firewall or in a DMZ. Things that go out TO the Internet can be behind the firewall easily. Rules like "permit the proxy to go anywhere on the Internet, all ports open, but deny incoming traffic" work nicely in this scenario.

- G
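
The placement rules from the reply above, modeled as a first-match rule list so they can be checked; this is an added example, not part of the original posts. Host names, zone names and port 80 for the IIS server are assumptions, and rules cover new connections only (return traffic is assumed to be handled statefully by the firewall).

```python
from dataclasses import dataclass

ANY = "*"

@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    src: str      # source zone or host name
    dst: str      # destination zone or host name
    port: object  # destination port number, or ANY

# Constructed zone membership (hypothetical host names).
ZONE_OF = {"proxy": "internal", "ras": "internal", "iis": "dmz",
           "modem-pool": "modems", "internet": "internet"}

def matches(field, host):
    """A rule field matches a host by wildcard, by name, or by the host's zone."""
    return field == ANY or field == host or field == ZONE_OF.get(host)

def decide(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    for r in rules:
        if matches(r.src, src) and matches(r.dst, dst) and r.port in (ANY, port):
            return r.action
    return "deny"

def overbroad(rules):
    """Flag permits that open every port of the internal zone to another zone."""
    return [r for r in rules if r.action == "permit" and r.dst == "internal"
            and r.port == ANY and r.src != "internal"]

POLICY = [
    Rule("permit", "internet", "iis", 80),     # web server reachable from outside
    Rule("permit", "proxy", "internet", ANY),  # proxy may go out on any port
    Rule("deny", "internet", ANY, ANY),        # no other unsolicited inbound
    Rule("deny", "dmz", "internal", ANY),      # DMZ host cannot reach inside
]
# The rule the reply warns about: modems allowed to everything internal.
RISKY = POLICY + [Rule("permit", "modems", "internal", ANY)]

if __name__ == "__main__":
    print(decide(POLICY, "internet", "proxy", 8080))
    print(overbroad(RISKY))
```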
 