Some companies have security policies which require at least two firewalls in serial.. Usually the other one should be statefull inspection type and the other one proxy.
Usually raptor is the "external" and checkpoint "internal" (Primarily because fw1 is a bit faster than raptor and someones think that raptor is more secure). rgds, Harri -----Original Message----- From: ext vishal pranjale [mailto:[EMAIL PROTECTED]] Sent: 06 December, 2001 06:24 To: Michael Zhao Cc: firewalls Subject: RE: howto create daul firewall Dear Micheal U can do it using only checkpoint firewall use 3 nic in checkpoint -----> one for DMZ , One for LAN, and one for internet. there is no need for 2nd firewall. Regards Vishal Pranjale Paladion Networks Internet Security Consultant E-217,Tower 3, IT park Vashi, Navi Mumbai-400703 PH.No. 7892890/89 www.paladionnetworks.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael Zhao Sent: Thursday, December 06, 2001 7:47 AM To: [EMAIL PROTECTED] Subject: howto create daul firewall Hi , all I am new of the firewall . We want to create two firewalls , one is raptor , the other one is checkpoint FW-1. I want my network connection like this: The internet --> fw1 --> DMZ --> fw2 --> internal I have several questions need your help . 1. Checkpoint and raptor , which one will put to the fw1? 2. The physical connection: I dont know how to connect fw1 , DMZ , fw2 . Firewalls can insert dual NIC , but if I will put some machines to DMZ , how can I connect to firewalls ? Like that ? | fw1 | | HUB | |--------------|-----------|----- ( DMZ) | | | server1 server2 server3...... | fw2 Is it right? If, the server2 should has dual NIC also ? 3. How can I give the IP address for every NIC and network segment , they can access each other? 4. If I put the www , DNS , Mail server two DMZ and do the static NAT . How can I do the strategy and which fw should I do ? I really appreciate someone can help me . Thanks a lot Michael _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
