Symantec Enterprise FW > 2 web servers in DMZ

morten

Distinguished
Apr 4, 2004
32
0
18,530
Archived from groups: comp.security.firewalls (More info?)

We have a Symantec Enterprise Firewall 7.0.4 installed and need to route
external traffic to two web servers in DMZ. With one server this has been no
problem, but I can't figure out how to get the second going... I've searched
all over the net...

Can I do this by looking for different host headers? How? Do I have to use
two external IP addresses? How?


Thanks,
Morten
 
Guest

On Fri, 30 Apr 2004 11:10:58 +0200, Morten spoketh

>We have a Symantec Enterprise Firewall 7.0.4 installed and need to route
>external traffic to two web servers in DMZ. With one server this has been no
>problem, but I can't figure out how to get the second going... I've searched
>all over the net...
>
>Can I do this by looking for different host headers? How? Do I have to use
>two external IP addresses? How?
>
>
>Thanks,
>Morten
>

You'll need to do two different external IP addresses. SEF can't use
host headers for this.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
 

morten


> You'll need to do two different external IP addresses. SEF can't use
> host headers for this.

Thanks, this is what I assumed. Can I assign these two addresses to one NIC,
or do I have to use two NICs? I haven't found info on how to set this up in
SEF - can you (or anyone) explain it to me?

Thanks,
Morten
 

morten


> > You'll need to do two different external IP addresses. SEF can't use
> > host headers for this.
>
> Thanks, this is what I assumed. Can I assign these two addresses to one NIC,
> or do I have to use two NICs? I haven't found info on how to set this up in
> SEF - can you (or anyone) explain it to me?

Never mind, seems I got this working simply by adding the second IP to the
existing NIC (and setting rules). Strangely this did not work last time I
tried...!

Thanks,
Morten
 
Guest

On Fri, 30 Apr 2004 13:46:32 +0200, Morten spoketh

>
>> You'll need to do two different external IP addresses. SEF can't use
>> host headers for this.
>
>Thanks, this is what I assumed. Can I assign these two addresses to one NIC,
>or do I have to use two NICs? I haven't found info on how to set this up in
>SEF - can you (or anyone) explain it to me?
>
>Thanks,
>Morten
>

You don't assign the IP address to the NIC (as in the advanced settings
of the network card properties), but you set up "Service redirect", and
there you should be able to enter any public IP address that's available
to you on the outside interface, and redirect it to an IP address in the
DMZ. The firewall will take care of all the background stuff (referred
to by some as proxy-arp) to ensure that traffic for the specified IP
address is picked up by this network card.

A service redirect by itself does very little; you also need a rule in
place to allow traffic in and/or out.


Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"