Re: Two Nics really needed?

From: SBSuser (anonymous_at_discussions.microsoft.com)
Date: 12/31/04 

Date: Fri, 31 Dec 2004 10:07:06 -0800

OK Merv, that sounds good. Considering my scenario and
adding the other NIC. How would you rearrange my layout
keeping the PIX in there? How would you connect the devices
(sequence)?What changes in configuration?

Thanks

>-----Original Message-----
>Security in layers... 2 NICs are a better insurance
policy. If your PIX is
>breached, your entire LAN is exposed. If you implemented
SBS 2000 with 2
>NICs, you could have ISA running in "integrated
(firewall) mode" on the
>server. This gives you the PIX as the first line of
defense and ISA on the
>external NIC as a second line of defense. Of course,
there's a learning
>curve with ISA and the complexity of administering your
network is
>marginally increased. But it all comes down to risk
assessment.
>
>--
>Merv Porter [SBS MVP]
>===================================
>
>"SBSuser" <anonymous@discussions.microsoft.com> wrote in
message
>news:0b6301c4ef55$7d385940$a401280a@phx.gbl...
>> I have the following scenario:
>> T-1 Router - Cisco PIX firewall - Switch - Server and
>> Workstations
>> The PIX, server and WS's connect to the Switch.
>>
>> The PIX connects EThernet 0 to Internet thru the router
>> and connects Ethernet 1(internal) to the Switch
>>
>> My boss insists I need to implement two Nic's on the SBS
>> server. I think we do not need it.
>>
>> What's your opinion?
>>
>
>
>.
>

Relevant Pages

  • Re: Firewall Frage
    ... Je nach dem welche PIX du dir zulegst, ist die PIX in der Anschaffung sogar ... günstiger als ein ISA Server! ... Nun zum Thema VPN: ...
    (microsoft.public.de.german.isaserver)
  • Re: Justification for ISA 2000 Server (firewall mode)
    ... The one big advantage of ISA over Cisco is the ability of the ISA server to ... For what it's worth I've run into problems with a PIX firewall at a customer ...
    (microsoft.public.isaserver)
  • Re: Firewall Session - Attack?
    ... yes the PIX is specifically configured to do a Static NAT back to ... on the Firewall Client ports. ... VPN server so that remote users can dial in using this natted public IP ... This ISA server is only used for VPN server and only has the ...
    (microsoft.public.isa)
  • Re: SBS Prem on dual homed system HELP
    ... I don't have RWW on this server, but that would be port 4125 ... >> Your PIX config should look something like this. ... >> PIX do the firewall function. ... You could of course increase the protection by adding ISA. ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA Server newbie
    ... PIX, you would have two levels of security at your internet facing border. ... You could always put an ISA in the DMZ as well, if you want to publish web ... To the PIX, the mail server, the web server and any other published server ... The SurfControl Web filter is a proxy filter and you can put it behind your ...
    (microsoft.public.isa)