Doesn't appear to be that difficult. Seems like you would have a firewall with 3 nics, external/internal/dmz. Then another firewall with 2 nics for external/internal. I've seen this done in a crossbeam box where you have multiple firewalls inside their appliances. Or you could utilize 2 splat boxes to do it.
However, depends on your security, but I would think that a splat box with 3 nics would work just fine. External/internal/dmz and you can lock down what each device in the dmz can do, http/ftp/ssh, etc. Or if you wish to protect the DMZ servers from each other, you could utilize vlans to separate them into virtual dmz networks, not quite as secure as physically separating the devices, but would save you having to run two separate firewalls. Derek O'Flynn -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of csarid Sent: Tuesday, August 02, 2005 3:24 PM To: [email protected] Subject: Re: [FW-1] Firewall-1 Questions Thanks for the reply.. Is it really that difficult? I would have thought this type of configuration would be fairly simple.. Is there any documentation that would help someone using it for the first time? Also, what's the cost for the software approximately and what H/W configuration does it normally run on or run the best on? Thanks again Tom Louis <[EMAIL PROTECTED]> wrote: yes you should have at least two nics. But you really should find someone who knows how to setup the product properly. --- csarid wrote: > Hello, > > If these questions have been answered already, > please feel free to point me to the archive source > for the answers. > > > I am new to the Firewall-1 product and I am looking > for information and possibly some direction. > > > Is the Firewall-1 product purely software and what > is a typical H/W configuration for the product to > run on? Does it require two Nics to act as a > firewall/gateway? Also, what is the cost for the > standard product that will provide firewall > protection? > > Situation: > > I would like to isolate a an existing dmz network > further by placing a machine with Firewall-1 > software on it with 2 nics to segragate it from the > normal dmz environment and place equipment behind it > only allowing http(s), ftp, and ssh protocols from > very specific machines. Can the Firewall-1 standard > product allow to accomplish this? > > Thanks, > > Franco > > > --------------------------------- > Start your day with Yahoo! - make it your home page > > > --------------------------------- > Start your day with Yahoo! - make it your home page > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= --------------------------------- Start your day with Yahoo! - make it your home page ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
