Re: Connecting to Multiple networks



Neteng,

Well to be honest they are not really fussed about a firewall, they are
happy to VLAN absolutely everything off into separate VLANs but I know that
this will cause a Windows administrative nightmare. I will try and get them
to go down the dual firewall route with something like a Netscreen and then a
PIX and stop the VLAN nonsense.

"Neteng" wrote:

> Your design is correct. With a two-tier firewall, you control access to and
> from everything in the DMZ, including management protocols (i.e. SSH to a
> Unix box). I recently purchased, but haven't had a chance to read
> 073562061. For design I've heard the following are pretty good. My current
> job only exposes me to Cisco gear, but I was a server admin for years. I'm
> surprised that your Cisco guys only want a single firewall in place.
>
> ISBN: 0321305019
> ISBN: 0782143296
> ISBN: 1932266550 (I own this one, but it hasn't arrived yet)
>
> "Robbie" <Robbie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:F7439519-8196-46A3-87DD-F4CB8074FF87@xxxxxxxxxxxxxxxx
> > Also to add to the below,
> >
> > Do you know any good books regarding Windows and security, e.g. designing a
> > network security plan? I know there are ISBN 0-7356-2061-X and ISBN
> > 0-7356-1969-7; are these any good or would you recommend any other books?
> >
> > Thank you in advance
> >
> > "Robbie" wrote:
> >
> > > Neteng,
> > >
> > > I am a Windows engineer here and how I would structure the network is
> > > firewall then public facing servers and then firewall then private data
> > > servers. Everyone else here are Cisco network engineers and have Unix
> > > knowledge and they wish to have the structure firewall, Public servers,
> > > VLAN, Management Network and then lock down the VLAN.
> > >
> > > "Neteng" wrote:
> > >
> > > > I would not rely on NAT as a layer of protection between the public
> > > > domain and my private LAN.
> > > >
> > > > "Robbie" <Robbie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > > > news:473E4898-3B14-4381-A226-D3DD0CEE6181@xxxxxxxxxxxxxxxx
> > > > > Hi,
> > > > >
> > > > > They are a mix of Windows 2000/2003. They do have a firewall on and
> > > > > also IPSec but NAT is not enabled.
> > > > >
> > > > > Thank you.
> > > > >
> > > > > Robert
> > > > >
> > > > > "Robert L [MS-MVP]" wrote:
> > > > >
> > > > > > > We need more information to help. Assuming this is Windows 2000
> > > > > > > server, enable NAT to protect your system.
> > > > > > >
> > > > > > > NAT and Firewall How to Setup Network, Internet Sharing, Remote
> > > > > > > Access and VPN Step by Step Guide ... How to configure 2000/2003 NAT
> > > > > > > services and ports ...
> > > > > > > www.howtonetworking.com/Windows/NAT&firewall.htm
> > > > > > >
> > > > > > >
> > > > > > > Bob Lin, MS-MVP, MCSE & CNE
> > > > > > > How to Setup Windows, Network, VPN & Remote Access on
> > > > > > > http://www.HowToNetworking.com
> > > > > > > Networking, Internet, Routing, VPN Troubleshooting on
> > > > > > > http://www.ChicagoTech.net
> > > > > > > "Robbie" <Robbie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > > > > > > news:A386C256-9795-41DC-83B8-0815590F1ADA@xxxxxxxxxxxxxxxx
> > > > > > All,
> > > > > >
> > > > > > > My Boss would like to set up a management backend network away
> > > > > > > from the external connection.
> > > > > > >
> > > > > > > Basically Internal NIC 10.0.x.x
> > > > > > > External NIC 80.x.x.x
> > > > > > >
> > > > > > > Will this work effectively or is there a better way of setting up
> > > > > > > a management network?
> > > > > >
> > > > > > thanks