Watchguard Firebox II

Guest
Archived from groups: comp.security.firewalls (More info?)

What's the best choice in this situation?

Firebox II (firmware 7.0B1)
I'm going to have the following on my network design:

hosting one Exchange server with public IP (x.x.x.82)
hosting one webserver with public IP (x.x.x.83)
hosting one BOVPN line to a branch office (Checkpoint) with a public IP which is
doing server monitoring (x.x.x.86)

Internal network
(192.168.1.X)
Wireless internal network
(192.168.2.X)

What's the best choice to use for this design? (routed or drop-in mode?)

Thanks..
 
Guest

In article <c62h7n$1vb8$1@news.dataguard.no>, toggy024@hotmail.com
says...
> What's the best choice in this situation?
>
> Firebox II (firmware 7.0B1)
> I'm going to have the following on my network design:
>
> hosting one Exchange server with public IP (x.x.x.82)
> hosting one webserver with public IP (x.x.x.83)
> hosting one BOVPN line to a branch office (Checkpoint) with a public IP which is
> doing server monitoring (x.x.x.86)
>
> Internal network
> (192.168.1.X)
> Wireless internal network
> (192.168.2.X)
>
> What's the best choice to use for this design? (routed or drop-in mode?)

First - don't use 192.168.1 or 192.168.0 for your networks - most home
user routers will use 192.168.0 or 192.168.1 and it will play heck with
your VPN solution when you implement one.


--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 
Guest

I'd go with routed.

Dynamically NAT your internal & wireless network so the machines can see the
net, and 1 to 1 NAT the exchange and webserver. Consider that if you decide
to segregate your networks, with some in the optional, and the other off the
trusted connection, there is a limitation with Watchguards that you cannot
access a server on the other network using the External IP Address of
machine on that network. Logic might say that if you had the webserver on
the optional, and your lan on the trusted, if you wanted to reach the
webserver from the lan you could simply connect from your PC to x.x.x.83, and
the watchguard would send it down the correct path, however in reality the
watchguard will send it out via the gateway, and it'll be lost. Tried it
myself, and took a LONG time, and a lot of fiddling to figure out what was
happening!

Keith

"Scoundrel" <toggy024@hotmail.com> wrote in message
news:c62h7n$1vb8$1@news.dataguard.no...
> What's the best choice in this situation?
>
> Firebox II (firmware 7.0B1)
> I'm going to have the following on my network design:
>
> hosting one Exchange server with public IP (x.x.x.82)
> hosting one webserver with public IP (x.x.x.83)
> hosting one BOVPN line to a branch office (Checkpoint) with a public IP which is
> doing server monitoring (x.x.x.86)
>
> Internal network
> (192.168.1.X)
> Wireless internal network
> (192.168.2.X)
>
> What's the best choice to use for this design? (routed or drop-in mode?)
>
> Thanks..
>
>
 
Guest

In article <4086df9a$0$31691$fa0fcedb@lovejoy.zen.co.uk>,
keith@nospam.unixbeard.co.uk says...
> I'd go with routed.
>
> Dynamically NAT your internal & wireless network so the machines can see the
> net, and 1 to 1 NAT the exchange and webserver. Consider that if you decide
> to segregate your networks, with some in the optional, and the other off the
> trusted connection, there is a limitation with Watchguards that you cannot
> access a server on the other network using the External IP Address of
> machine on that network. Logic might say that if you had the webserver on
> the optional, and your lan on the trusted, if you wanted to reach the
> webserver from the lan you could simply connect from your PC to x.x.x.83, and
> the watchguard would send it down the correct path, however in reality the
> watchguard will send it out via the gateway, and it'll be lost. Tried it
> myself, and took a LONG time, and a lot of fiddling to figure out what was
> happening!

Why wouldn't you install a DNS server in your lan and create DNS entries
for it that point to the DMZ network?

I use NAT with all of our installations and never do 1:1. If you do NAT
it's real easy to manage the network and resources. The only real issue
is maintaining a DNS entry that matches your public DNS entries.

Mark


>
> Keith
>
> "Scoundrel" <toggy024@hotmail.com> wrote in message
> news:c62h7n$1vb8$1@news.dataguard.no...
> > What's the best choice in this situation?
> >
> > Firebox II (firmware 7.0B1)
> > I'm going to have the following on my network design:
> >
> > hosting one Exchange server with public IP (x.x.x.82)
> > hosting one webserver with public IP (x.x.x.83)
> > hosting one BOVPN line to a branch office (Checkpoint) with a public IP which is
> > doing server monitoring (x.x.x.86)
> >
> > Internal network
> > (192.168.1.X)
> > Wireless internal network
> > (192.168.2.X)
> >
> > What's the best choice to use for this design? (routed or drop-in mode?)
> >
> > Thanks..
> >
> >
>
>
>

--
spamfree999@rrohio.com
(Remove 999 to reply to me)
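The split-DNS approach Mark suggests, and the one maintenance issue he names (the internal records must keep matching the public ones), can be modelled and checked in a few lines. This is an added example, not code from the thread or from any of the posters: it simulates a split-horizon resolver that hands LAN clients the internal address and everyone else the public one, and a drift check that flags any public name whose internal record is missing or does not correspond to the public address through the firewall's 1:1 NAT. The thread's elided x.x.x prefix is replaced with the documentation range 203.0.113.0/24, and the internal server addresses and NAT table are constructed for the example; only the 192.168.1.0/24 and 192.168.2.0/24 trusted networks come from the post.

```python
import ipaddress

# Constructed data (not from the thread). The thread's elided x.x.x prefix is
# replaced here with the documentation range 203.0.113.0/24, and internal
# addresses behind the firewall's 1:1 / static NAT are invented.
TRUSTED_NETS = ["192.168.1.0/24", "192.168.2.0/24"]  # LAN and wireless from the post

# What the world sees (public zone).
PUBLIC_ZONE = {
    "mail.example.com": "203.0.113.82",
    "www.example.com": "203.0.113.83",
}

# Public -> internal address, i.e. the firewall's NAT table, assumed for the example.
NAT_MAP = {
    "203.0.113.82": "192.168.10.82",
    "203.0.113.83": "192.168.10.83",
}

# The internal view served to the LAN. "www" was never added: the drift Mark warns about.
INTERNAL_ZONE = {
    "mail.example.com": "192.168.10.82",
}


def is_trusted(client_ip):
    """True when the querying client sits on one of the trusted networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(n) for n in TRUSTED_NETS)


def resolve(name, client_ip, public=PUBLIC_ZONE, internal=INTERNAL_ZONE):
    """Answer like a split-horizon resolver.

    LAN clients get the internal record when one exists; everyone else, and
    any name missing from the internal view, gets the public answer.
    """
    if is_trusted(client_ip) and name in internal:
        return internal[name]
    return public.get(name)


def zone_drift(public=PUBLIC_ZONE, internal=INTERNAL_ZONE, nat_map=NAT_MAP):
    """Flag public names whose internal record is missing or is not the NAT peer of the public address.

    A name listed here resolves to the public IP from inside, which is exactly
    the path Keith describes as being sent out the gateway and lost.
    """
    problems = {}
    for name, pub_ip in public.items():
        expected = nat_map.get(pub_ip)
        got = internal.get(name)
        if got is None:
            problems[name] = "no internal record"
        elif got != expected:
            problems[name] = f"internal {got} is not the NAT peer of {pub_ip} ({expected})"
    return problems


if __name__ == "__main__":
    print(resolve("mail.example.com", "192.168.1.10"))  # internal answer
    print(resolve("www.example.com", "192.168.1.10"))   # falls back to public: hairpin problem
    print(resolve("mail.example.com", "198.51.100.7"))  # external client: public answer
    print(zone_drift())
```

Running `zone_drift` against an export of the public zone and the internal view whenever either changes turns the "keep them matching" chore into a check that fails loudly instead of a silent outage discovered by fiddling.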