
separating two domains

rasczak

Lifer
here's the deal,

I have to set up two domains but I have to keep them physically and logically separate from each other. The problem is I only have one line out to the big bad internet.

equipment: 2 2k3 servers, 2 gigabit switches, 1 Juniper SSG550 firewall.

can i go this route?

lan A > Gb switch A > firewall > internet
lan B > Gb switch b > firewall > internet

is this feasible with the equipment that i've got?

there will be some file sharing between the two lans but no workstation in lan A will be connected to lan b and vice versa. i figure i can set up a trust between the two domains and have that replicate down to the workstations so they can access shares on the other's domain.

as for the og question, is this feasible?
i've never worked with a higher end firewall before so i've got a lot of reading to do and (playing 😀) to do.
 
Not only is it possible, but it is one of the main functions of a firewall. You just need to set up three interfaces on the firewall (one for each LAN and one for the internet) and set them up for each segment or segments. You then have to go to the settings of the firewall and tell it what you want to allow to go from LAN A to LAN B and vice versa, and the firewall will keep the LANs separated and keep people from one area from doing stuff to the other area that you do not want.
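Added example, not part of any post in this thread: a small Python model of the three-interface layout described in the reply above, with first-match rules between LAN A, LAN B and the internet and a deny for anything no rule matches. The addresses, the file server hosts and the choice of TCP 445 for file sharing are constructed assumptions, and the rules cover only file sharing, not the domain trust traffic.

```python
import ipaddress

# Constructed addressing for the thread's layout: one firewall interface per segment.
ZONES = {
    "lan_a": ipaddress.ip_network("10.1.0.0/24"),
    "lan_b": ipaddress.ip_network("10.2.0.0/24"),
}
FILESERVER_A = ipaddress.ip_address("10.1.0.10")  # hypothetical share hosts
FILESERVER_B = ipaddress.ip_address("10.2.0.10")

# (from_zone, to_zone, destination or None for any, TCP port or None for any, action)
POLICY = [
    ("lan_a", "lan_b", FILESERVER_B, 445, "permit"),
    ("lan_b", "lan_a", FILESERVER_A, 445, "permit"),
    ("lan_a", "internet", None, None, "permit"),
    ("lan_b", "internet", None, None, "permit"),
]

def zone_of(addr):
    """Map an address to its zone; anything outside both LANs is the internet side."""
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def decide(src, dst, port):
    """First matching rule wins; traffic with no matching rule is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_zone, dst_zone = zone_of(s), zone_of(d)
    if src_zone == dst_zone:
        return "intra-zone"  # stays on the switch, never crosses the firewall
    for from_zone, to_zone, rule_dst, rule_port, action in POLICY:
        if (from_zone, to_zone) != (src_zone, dst_zone):
            continue
        if rule_dst is not None and rule_dst != d:
            continue
        if rule_port is not None and rule_port != port:
            continue
        return action
    return "deny"
```

Running a list of expected flows through `decide` before touching the firewall is a quick way to confirm that a workstation in one LAN can reach only the other side's share host and nothing else there.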
 
What you want to do is a site to site VPN via the internet with the Juniper SSG550's. I am not that familiar with the Junipers, but I know they can do site to site VPN right out of the box. You may have to get a license for the VPN option though.

After you have the site to site VPN set up you can do an external two way trust between the two forests/domains or even one forest with two domains under it. You have many choices. How tied are the companies and will they always stay together?

John
 
Or you can just go the easy route and use VLANs, assuming your firewall and switches can use VLANs. If your switch is capable, you wouldn't need 2 switches then.

I think netsysadmin thinks the domains are at two different sites with two firewalls, whereas I believe, according to the OP, the domains are at the same physical site.
 
I think her diagram is just confusing... I think she meant something more like this

lan A > Gb switch A >
~~~~~~~~~~~~~~~firewall > internet
lan B > Gb switch b >
 