Dennis,
I believe the most reliable solution would be having a Radware LinkProof
load balance the two disparate ISP connections on the outside where it would
resolve the www, etc. requests to a public IP on the best ISP. Then the
LinkProof would send the data through the best firewall at that time. From
there it would hit a Radware FireProof which would be the default gateway
for all internal machines. So, your multiple firewalls from 2 to 99 are
sandwiched between a LinkProof and a FireProof. This is exactly what these
devices were designed to do...
Check out their site: www.radware.com
Adam
-----Original Message-----
From: Dennis Dai [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 2:28 PM
To: [EMAIL PROTECTED]
Subject: Dual firewall question (revisited)
Last October there was a thread talking about dual firewall
configuration:
http://www.geocrawler.com/mail/thread.php3?subject=Dual+firewall+question&list=90
(link may be wrapped)
The question was how you are going to serve web pages when you have 2
ISPs and thus 2 firewalls (web server is behind the 2 firewalls). So
far, the solutions are:
1. use ALG on firewall (from mouss)
2. put another NAT box in front of the firewall to translate the source
IP from the client (from Ben)
My questions are:
- For the first solution, will the ALG break SSL server and client
authentication (via server and client certs)? If not, what ALG is
suitable for this kind of task? SOCKS4/5, FWTK come to mind.
- For the second solution, is it possible to combine the NAT and
firewall box into one (assuming I'm going to use ipfilter in both
boxes)? My analysis is not likely (without some serious hacking into the
code, which I'm not really good at). :-(
Thanks in advance for any input.
Dennis
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]