Re: multiple IIS server boxes behind firewall


From: Rafal W. (RafalW_at_discussions.microsoft.com)
Date: 09/20/04


Date: Mon, 20 Sep 2004 13:03:08 -0700

Kristofer,

First of all, thanks for responding... When you say multiple external
IPs, do you also mean multiple NICs? I need to check this, but I'm not sure
if the FW-1 license will allow me to create an additional gateway... definitely I
cannot create a base rule to tell FW-1 to redirect incoming traffic on "this
NIC" to go to "this web server".

"Kristofer Gafvert" wrote:

> Hello,
>
> Multiple external IPs is one option. Another option is a reverse proxy, for
> example:
>
> http://www.octagate.com/HTTPRedirect.asp
>
> --
> Regards,
> Kristofer Gafvert
> http://www.ilopia.com
>
>
> "Rafal W." <RafalW@discussions.microsoft.com> wrote in message
> news:C1BE9B19-3632-4843-9A9A-F1591E19DDBD@microsoft.com...
> > I'm having a problem accomplishing the following:
> > So far I had 1 IIS server hosting multiple web applications, so it was pretty
> > simple. All requests were incoming on port 80 of the external interface of the
> > firewall; based on a rule they were then redirected to a static private IP in the DMZ,
> > then the host header takes care of the rest and displays the correct web page...
> > Now I have a need to add more web servers (physical boxes) to the DMZ with web
> > enabled applications. My question is: how will the firewall know to which server
> > to redirect an HTTP request? I am using a Check Point firewall and they are telling me
> > this cannot be done unless I map a different external port to internal 80!
> > I do not want our users to type something like http://webserver.com:8080
> > Does anyone know what my options are?
> > I have 1 external interface on the firewall with a static public IP assigned to it
> > (but have another 10-20 public available for use). If this helps, I can add
> > an additional NIC and make it external (although I would have to check if my
> > FW-1 license will let me).
> > I definitely do not want these new web servers to be outside of the DMZ,
> > exposed to the internet.
> >
> > Any help will be appreciated.
> >
> > RW
> >
>
>
>
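
A port-forwarding rule on the firewall matches only destination IP and port, so it cannot tell the sites apart; the reverse proxy option mentioned in the thread reads the HTTP Host header and picks the DMZ server from it. The sketch below is an added example, not code from the thread or from any product named in it; the host names, private addresses and function names are constructed placeholders.

```python
import re

# Constructed mapping: public host name -> private DMZ web server (placeholders).
BACKENDS = {
    "www.example.com": ("192.168.10.11", 80),
    "app.example.com": ("192.168.10.12", 80),
}
_HOST_RE = re.compile(r"([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)\.?(?::([0-9]{1,5}))?")


def pick_backend(host_header, listen_port=80):
    """Map a Host header value to a DMZ backend; None means refuse the request."""
    m = _HOST_RE.fullmatch((host_header or "").strip().lower())
    if m is None:
        return None                      # empty, bracketed IP literal, or junk
    if m.group(2) is not None and int(m.group(2)) != listen_port:
        return None                      # port in Host does not match our listener
    return BACKENDS.get(m.group(1))      # unknown names get no default backend


def route_request(raw_head, listen_port=80):
    """Read the Host header from a raw HTTP request head and choose the backend."""
    lines = raw_head.decode("latin-1").split("\r\n")
    hosts = []
    for line in lines[1:]:               # skip the request line
        if line == "":
            break                        # end of headers
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            hosts.append(value)
    if len(hosts) != 1:
        return None                      # missing or duplicated Host is ambiguous
    return pick_backend(hosts[0], listen_port)


if __name__ == "__main__":
    # Constructed sample requests, all arriving on the same public IP and port 80.
    for host in (b"www.example.com", b"APP.example.com:80", b"other.example.net"):
        head = b"GET / HTTP/1.1\r\nHost: " + host + b"\r\n\r\n"
        print(host.decode(), "->", route_request(head))
```

Refusing requests with an unknown, missing or duplicated Host header keeps the proxy from forwarding traffic to a DMZ server that was never meant to be published under that name.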


