Re: Best practices: Two nic's but have harware firewall

---

• From: "Child" <SpamFreedawg@xxxxxxxxxx>
• Date: Mon, 27 Feb 2006 14:55:04 -0900

---

"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message
news:eX6ZQ$9OGHA.1180@xxxxxxxxxxxxxxxxxxxxxxx

really, it depends on the device. If it really is a 'firewall' device
you're better off with a single NIC configuration.

If it's a simple NAT router (many of which claim to be firewalls, some
even have some true firewall functionality) then a two nic config is good,
2nic+ISA better still.

So, are we talking about a firewall or a simple NAT router (device
manufacturer/model will do)?

its a watchguard firebox 700
I think its a real firewall. Should I disable the second nic?

SBS Standard or Premium?

Premium

Jonathan is almost right.
I generally disable DHCP on the router during initial configuration of the
external interface, which I don't install until SBS setup is complete
except for the 'to-do list'. Once the 2nd NIC is in place and the CEICW is
run DHCP (on SBS) is bound only to the internal NIC, you can then
re-enable DHCP on the router. I commonly use a multiport router so that
visitors can access the internet while being 'outside' my network.

got it. We do have occasional visitors, and even i like to bring my home
laptop in on occasion, so this may be handy.

Yes, any system having multiple NICs must put them in seperate subnets
unless they are configured for teaming/aggregation/failover.

If possible, don't DMZ the SBS external IP. It is better to forward the
individual ports.

My firebox is forwarding ports!


.

---

• Follow-Ups:
  • Re: Best practices: Two nic's but have harware firewall
    • From: SuperGumby [SBS MVP]

• References:
  • Best practices: Two nic's but have harware firewall
    • From: Child
  • Re: Best practices: Two nic's but have harware firewall
    • From: SuperGumby [SBS MVP]

• Prev by Date: Re: IIS / PHP problems (I think)
• Next by Date: Re: Best practices: Two nic's but have harware firewall
• Previous by thread: Re: Best practices: Two nic's but have harware firewall
• Next by thread: Re: Best practices: Two nic's but have harware firewall
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: 56k dial up on laptop 802.11G ? ... >>> The Linksys WRT54G series of wireless routers all have firewall ... >>No NAT router is running FW software in the traditional sense. ... > Linux firewall is not a firewall... ... Linksys router is running FW software or a NAT router for home usage is ... (alt.internet.wireless) Re: 56k dial up on laptop 802.11G ? ... >>>No NAT router is running FW software in the traditional sense. ... >> Linux firewall is not a firewall... ... (alt.internet.wireless) Re: router ... >network but without success. ... A NAT router provides a firewall by only exposing ports ... (alt.computer.security) Re: software/hardware Firewall tradeoff ... just there are two options (Firewall: ... The NAT router for home usage is not a FW either. ... What are a FWWhat is a packet filtering FW router? ... (comp.security.firewalls) Re: router ... >>network connections fail. ... >>I read somewhere that if I use a router it will allow any PC to connect at ... >>any time and has a firewall inbuilt. ... > A NAT router provides a firewall by only exposing ports ... (alt.computer.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2006-02