Reply To: Network design, by mshavrov, about 18 years, 7 months ago
Easiest and most correct way – install a firewall to interconnect LAN and DMZ. It depends on your budget. Theoretically you should not use routers as your only solution for security. The general idea is in using a firewall since it provides stateful security (it tracks your incoming and outgoing TCP sessions and UDP flows).
What can you do in this situation:
1. Buy a 3-4 interface firewall. I prefer Cisco PIX or Checkpoint, but it can be anything.
2. Connect your 2 Internet routers together through a small hub or switch. Or connect both T1 cards to one router and configure “policy routing”, where you send one type of traffic through one link and the rest of the traffic through another.
3. Connect all your “public” servers to DMZ interface and configure appropriate rules and address translations.
4. Connect your LAN to “inside” interface.
It’s a very general view of “best security practices”. Sure, you may just install a router between your “servers LAN” and “users LAN”, configure NAT and routing, but again, it’s not a recommended solution.
If you have more questions on network and security design, send me e-mail.
Good luck,
Michael Shavrov
CCSP, CCNP, CCDP, CSS1, Security+, MCSE W2K, Checkpoint CCSA.
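The three-interface layout from steps 1, 3 and 4 of the post above, written as a Cisco PIX 6.x configuration fragment. This is an added example, not the poster's own configuration; the interface names, the 203.0.113.0/24 public block and the private ranges are constructed placeholders.

```cisco
! Security levels: outside is least trusted, inside most trusted, DMZ in between.
! By default the PIX only lets flows start from a higher to a lower security
! level and tracks their return traffic statefully; anything else needs a rule.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50

ip address outside 203.0.113.2 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
ip address dmz 192.168.2.1 255.255.255.0

! Default route towards the Internet router(s) on the outside segment.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1

! Step 3: public servers live on the DMZ and are reached through static
! one-to-one translations, so their private addresses are never exposed.
static (dmz,outside) 203.0.113.10 192.168.2.10 netmask 255.255.255.255
static (dmz,outside) 203.0.113.11 192.168.2.11 netmask 255.255.255.255

! Only the published services may enter from the Internet; the implicit
! deny at the end of the list drops everything else.
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-list outside_in permit tcp any host 203.0.113.10 eq 443
access-list outside_in permit tcp any host 203.0.113.11 eq smtp
access-group outside_in in interface outside

! Step 4: the user LAN on the inside interface reaches the Internet through
! PAT on the outside address; nothing can connect inbound to it without a static.
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface

! Keep the DMZ from initiating connections into the LAN, so a compromised
! public server cannot reach inside hosts. The explicit deny comes first
! because an interface ACL, once applied, is what decides what is permitted.
access-list dmz_in deny ip 192.168.2.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list dmz_in permit ip 192.168.2.0 255.255.255.0 any
access-group dmz_in in interface dmz
```

Verify the result with `show conn` and `show xlate` on the PIX: only sessions to the two static addresses on the listed ports should appear from the outside, and no DMZ-to-inside connections at all.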