Hi All,
We are planning a back-to-back firewall setup, as follows:
          ---PIX---     ---FW-1---
          |       |     |        |
outside---         -----          --- "clean" DMZ
          |       |  |  |        |
          ---PIX---  |  ---FW-1--- \
                     |              \
                  "dirty"            \
                    DMZ             inside
The PIXes are on hot-failover, as are the FW-1s.
The "dirty" DMZ will contain our servers with external requirements (mail,
DNS, etc.).
The "clean" DMZ will contain our internal servers.
Questions:
This is a first time for us; is this a good way to go? Any advice or
criticism (before I hit the pitfalls!) would be most appreciated.
Also, are there any known issues with linking PIX & FW-1 in this way?
One further question, loosely related... the PIXes already exist, so I
am using the PIX configs as a guide to generating the policies on the
FW-1s. In the main this seems to translate fairly well, but I am worried
about the "quirks" of the FW-1; I recall that sometimes the processing
order of the FW-1 policy is not quite as expected... so is this a
"safe" approach?
Thanks, Gordon