Re: w2k3 server across subnets

From: Chappydean (chappydean_at_myalias.nospam)
Date: 03/15/05


Date: Mon, 14 Mar 2005 19:59:02 -0800

Final post here. Finally got to tier one support for WatchGuard. The Firebox
product will not allow 'broadcasts' across the interfaces. Therefore the
secondary domain controller must reside on the 'trusted' network subnet.

Thanks for all the input.

"Chappydean" wrote:

> Phillip,
>
> Another comment about WatchGuard Firebox.
>
> The I/Fs are a data flow layered protocol that is derived from 'Trusted'
> being the center. All I/Fs have to be a subnet. Data flows as follows:
>
> Incoming - external (T1) - eth4 - eth3 - eth2 - eth1 - eth0(trusted) -
> outgoing - eth0 - eth1 - eth2 - eth3 - eth4 - external.
>
> By default, the Firebox will NOT allow any data flow incoming. Only
> outgoing. The users must add a service to allow any incoming data and specify
> 'Any' to allow all traffic or customize to specific data flow.
>
> I still have not been able to achieve a secondary domain controller across
> the subnets. For those considering WatchGuard, consider these issues and
> their support group closely.
>
> Anyone having any suggestions as to HOW to work across this firewall, please
> advise. Thanks.
>
> "Chappydean" wrote:
>
> > The X2500 I/F's are routed I/Fs.
> >
> > Secondly, the DNS server on eth1 will be set up as a public web server and
> > will be firewall isolated from the trusted network.
> >
> > The DNS now is working on the eth1 subnet. Still working with the domain
> > controller issues.
> >
> > "Phillip Windell" wrote:
> >
> > >
> > > "Chappydean" <chappydean@myalias.nospam> wrote in message
> > > news:E85C32A9-567D-487C-BB89-4678E2D64913@microsoft.com...
> > > > Additional to my last post, I would like to set up a secondary DNS server on
> > > > the X2500 I/F 'eth1'. But in order to do so I must be able to transfer zones
> > > > from the master which is on the main subnet. Can ping only, not access.
> > >
> > > > Why are you making it 10 times harder and more complicated than it needs to
> > > > be? The WatchGuard box should not have anything to do with your DNS and how
> > > > the DNS works.
> > >
> > > --
> > >
> > > Phillip Windell [MCP, MVP, CCNA]
> > > www.wandtv.com
> > >
> > >
> > >


