On Thu, 6 Dec 2001, Michael Zhao wrote:

> Hi, all
>
> I am new to firewalls.
>
> We want to create two firewalls: one is Raptor, the other one is
> Checkpoint FW-1. I want my network connection like this:
>
> The internet --> fw1 --> DMZ --> fw2 --> internal
>
> I have several questions and need your help.
> 1. Checkpoint and Raptor, which one will be put at fw1?

Generally people use Checkpoint on the outside, since it does mostly
packet filtering and will be faster.

> 2. The physical connection:
> I don't know how to connect fw1, DMZ, fw2. Firewalls can take dual
> NICs, but if I put some machines in the DMZ, how can I connect to the
> firewalls? Like that?
>
> |
> fw1
> |
> |
> HUB
> |
> |--------------|-----------|-----   ( DMZ)
> |                  |             |
> server1 server2 server3......
>                    |
>                   fw2
> Is it right? If so, should server2 have dual NICs also?

Both firewalls should have at least two interfaces.  You really should put
a second interface in one of the machines and host any servers off of this
"service network."  That way you don't have any devices sharing layer two
connectivity with both of your security devices.  That will allow you to
use a crossover cable between firewalls also, saving a hub.

>
> 3. How can I give the IP address for every NIC and network segment,
> so they can access each other?

Routing, not addressing, determines accessibility.

> 4. If I put the www, DNS, and mail servers in the DMZ and do static NAT,
> how can I do the strategy, and which fw should I do it on?

Whichever firewall you put the service network off of should probably NAT,
though you can just do it on the external firewall and have RFC1918
addresses on everything behind that.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
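
An added example, not part of the original message: a small hop-by-hop forwarding model of the layout Paul describes (service network off the outer firewall, crossover link between the firewalls, RFC1918 addresses behind fw1), showing that reachability changes when a route changes while every address stays the same. The node names, subnets, and host addresses are constructed for illustration.

```python
import ipaddress

# Constructed RFC 1918 plan (not from the thread): fw1 faces the Internet and
# hosts the service network; a crossover link (10.0.0.0/30) joins fw1 and fw2.
HOSTS = {"10.0.1.10": "www", "10.0.2.50": "pc"}      # address -> owning node
TABLES = {                                            # node -> {prefix: next hop}
    "www": {"0.0.0.0/0": "fw1"},
    "pc":  {"0.0.0.0/0": "fw2"},
    "fw2": {"10.0.2.0/24": "direct", "10.0.0.0/30": "direct", "0.0.0.0/0": "fw1"},
    "fw1": {"10.0.1.0/24": "direct", "10.0.0.0/30": "direct", "0.0.0.0/0": "internet"},
}

def lookup(table, dst):
    """Longest-prefix match; returns the next hop, or None when no route matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()]
    hits = [(net, hop) for net, hop in hits if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, src, dst, max_hops=8):
    """Forward from node src toward address dst; returns the path or None."""
    node, path = src, [src]
    for _ in range(max_hops):
        if HOSTS.get(dst) == node:
            return path                       # arrived at the owner of dst
        hop = lookup(tables.get(node, {}), dst)
        if hop is None:
            return None                       # no route: packet is dropped
        node = HOSTS.get(dst) if hop == "direct" else hop
        if node is None:
            return None                       # connected segment, no such host
        path.append(node)
    return None

def round_trip(tables, a, b):
    """True only if a reaches b AND b's replies can get back to a."""
    return bool(trace(tables, HOSTS[a], b)) and bool(trace(tables, HOSTS[b], a))

# Same addresses, one extra route on fw1 pointing the internal subnet at fw2.
FIXED = {**TABLES, "fw1": {**TABLES["fw1"], "10.0.2.0/24": "fw2"}}

if __name__ == "__main__":
    print("pc -> www:", trace(TABLES, "pc", "10.0.1.10"))
    print("www -> pc (no route on fw1):", trace(TABLES, "www", "10.0.2.50"))
    print("www -> pc (route added):", trace(FIXED, "www", "10.0.2.50"))
```

Without the internal-subnet route, fw1 sends replies for 10.0.2.50 out its default route toward the Internet, so the internal host never gets an answer unless fw2 NATs internal traffic to its crossover address.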
