EFW Support

Support => General Support => Topic started by: npeterson on Thursday 09 October 2008, 10:22:15 am



Title: Border firewall setup
Post by: npeterson on Thursday 09 October 2008, 10:22:15 am
I'm new, as in 2 days, to EFW, so bear with me. I would like to know if EFW can work for my setup. Here is what I would like to do: set up a FW chain like so:

Internet - {FW1} - DMZ - {FW2} - Internal

FW1 - We would need to route our external interface 10.1.2.2 to the orange interface (10.1.3.1) that is our DMZ, which has publicly accessible IPs, and vice versa. Green interface should not route anything; it's just the management interface.

FW2 - is connected to the DMZ orange interface (10.1.3.2) to the green interface 10.1.4.0/24. This connection is NAT'd.

I'm having problems with FW1. Can EFW be set up to do this? Can there be a zone firewall between the red and orange interfaces and still route traffic from orange to red and vice versa? So far I cannot create this: when I go to create the zone FW, it doesn't list red as an interface I can use for the source or destination. I've put the routes in place, but don't have the time to test this tonight.


Title: Re: Border firewall setup
Post by: Shane_08 on Friday 17 October 2008, 03:51:41 am
I would say the easiest way to configure this would be to have FW1 forwarding any required traffic to the DMZ (orange interface). Any traffic that is meant for the internal network (via firewall 2) should be sent to the red IP of firewall 2. Firewall 2 then needs to be configured to forward required traffic from the red network to the green network.

Not sure if you are using Endian FW for both, but if you are, I would recommend using the one firewall to keep updates nice and easy :)