> Yes, otherwise the sonicwall will try to pass the packets off to the
wrong
> interface, and the traffic will not reach the intended recipient.
I better drive down to colo facility and look for myself. My network guy
says he has the following setup. Server 209.113.151.5 and Sonic wall are
both accesible from the Internet.
209.113.151.5 is located on the LAN
It is not behind a router
Its ethernet address was not found
INTERNET
^
^
^
_____^________________ ___________________
_____________________
| cisco switch | | sonic wall | | cisco
switch |
|______________________| >>>>>>>>| range of ip | >>>>>>>
|_____________________|
| 209.113.151.4 |
| 209.113.151.24 | ^ ^ ^
^ |_________________ | ^
^ ^plan to add
smpt sever here
^
^
Server
209.113.151.5
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-]
Andrew P. Kaplan Network Administrator
WEB www.cshore.com 168 Boston Post Road
EMAIL: [EMAIL PROTECTED] Madison, CT 06443
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-]
Obstacles are those things that appear when you lose sight of your
goal.
- Henry Ford
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of [EMAIL PROTECTED]
> Sent: Wednesday, September 18, 2002 10:34 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [SonicWALL]- placement of smtp mail servers
>
>
> Yes, otherwise the sonicwall will try to pass the packets off to the wrong
> interface, and the traffic will not reach the intended recipient.
>
> You can test this by going to the diagnostic tab on the tools
> page. Do the
> "find network path". If it's on a different port than you have it
> programmed for, it should time out.
>
> John
>
>
> -----Original Message-----
> From: Andrew P. Kaplan [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 18, 2002 9:23 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [SonicWALL]- placement of smtp mail servers
>
> >>My .02 ;)
>
> Makes cents ;-).
>
> However, in my scenario there is no private network. So the wan
> port and DMZ
> are basically the same as far as MY network is conerned. The web serves
> would be hacked before the mail servers ;-) So I might as well just keep
> everthing on the same port for simplicity.
>
> Last question:
>
> The sonic wall is serving public IP to the servers (NO NAT) as
> listed below
> (under Advanced - Intranet)
>
> Specified address ranges are attached to the LAN link 209.113.151.4
> 209.113.151.24
>
> So the box is running as firewall bridge. Does this mean that any
> IP in this
> range must be BEHIND the firewall.
>
> [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-]
> Andrew P. Kaplan Network Administrator
> WEB www.cshore.com 168 Boston Post Road
> EMAIL: [EMAIL PROTECTED] Madison, CT 06443
> [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-]
>
>
>
> Obstacles are those things that appear when you lose sight of your
> goal.
> - Henry Ford
>
>
>
>
>
>
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> > Behalf Of [EMAIL PROTECTED]
> > Sent: Wednesday, September 18, 2002 9:59 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [SonicWALL]- placement of smtp mail servers
> >
> >
> > Since they're public servers, should something happen and they were
> > compromised, if they're in the DMZ then the damage is limited in scope,
> > whereas if they're in your internal network, then whoever hacks
> it may be
> > able to leverage the internal presence of the compromised box
> and do more
> > damage to other, non-public servers. General rule of thumb is
> to let the
> > publicly accessed servers be in that DMZ zone for this reason.
> Of course,
> > there are situations where you can't avoid it, so you just lock
> > down as much
> > as you can and have something translated to an internal machine. All
> > depends on your circumstances and infrastructure and needs.
> >
> > My .02 ;)
> >
> > J
> >
> >
> > -----Original Message-----
> > From: Andrew P. Kaplan [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 18, 2002 8:47 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [SonicWALL]- placement of smtp mail servers
> >
> > >>Put your BSD in the DMZ if you have a spare public IP.
> >
> > What's the advantage of putting the mail server on the DMZ as all
> > the boxes
> > are "public" boxes that is to say they are either web or mail
> > (smtp/pop/imap)
> >
> > [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-]
> > Andrew P. Kaplan Network Administrator
> > WEB www.cshore.com 168 Boston Post Road
> > EMAIL: [EMAIL PROTECTED] Madison, CT 06443
> > [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-]
> >
> >
> >
> > Obstacles are those things that appear when you lose sight of your
> > goal.
> > - Henry Ford
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> > > Behalf Of Chris Hunt
> > > Sent: Wednesday, September 18, 2002 8:58 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Fwd: [SonicWALL]- placement of smtp mail servers
> > >
> > >
> > > Put your BSD in the DMZ if you have a spare public IP. As for speed I
> > > would think it should handle it but I'm only pumping at 1.5meg
> > >
> > > Chris
> > >
> > >
> > > >I have two questions about my Sonicwall 300
> > > >
> > > >ONE: I'm curious to learn the load capacity of a Sonicwall 300.
> > > According
> > > >to the info the transfer capacity is over 100 megs a second.
> Does this
> > > >mean if the Sonicwall is connected to a 2.5 meg connection that the
> > > >sonicwall could never be overloaded with too much traffic.
> > > >
> > > >TWO Currently I have three medium volume web servers behind
> the 300. I
> > > >would like to add a SMTP server that processed about a gig of
> > > data a day.
> > > >The box is a BSD box running Postfix and SSH only so it's
> pretty hard.
> > > >Should the box be placed behind the firewall and should it be on
> > > a regular
> > > >port or the DMZ.
> > > >
> > >
> > > ---
> > > [This E-mail scanned for viruses by Declude/F-Prot AV]
> > >
> > > ==================================================================
> > > =================================
> > > To unsubscribe, send email to [EMAIL PROTECTED] In the body of
> > > the email put the following: unsubscribe sonicwall your_name
> > > The archive of this list is at
> > http://www.mail-archive.com/sonicwall%40peake.com/
> >
> >
> >
> > ---
> > Incoming mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/02
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/02
> >
> > ---
> > [This E-mail scanned for viruses by Declude/F-Prot AV]
> >
> > ==================================================================
> > ==========
> > =======================
> > To unsubscribe, send email to [EMAIL PROTECTED] In the body
> of the email
> > put the following: unsubscribe sonicwall your_name
> > The archive of this list is at
> > http://www.mail-archive.com/sonicwall%40peake.com/
> >
> > ---
> > [This E-mail scanned for viruses by Declude/F-Prot AV]
> >
> > ==================================================================
> > =================================
> > To unsubscribe, send email to [EMAIL PROTECTED] In the body of
> > the email put the following: unsubscribe sonicwall your_name
> > The archive of this list is at
> http://www.mail-archive.com/sonicwall%40peake.com/
>
>
>
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/02
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/02
>
> ---
> [This E-mail scanned for viruses by Declude/F-Prot AV]
>
> ==================================================================
> ==========
> =======================
> To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email
> put the following: unsubscribe sonicwall your_name
> The archive of this list is at
> http://www.mail-archive.com/sonicwall%40peake.com/
>
> ---
> [This E-mail scanned for viruses by Declude/F-Prot AV]
>
> ==================================================================
> =================================
> To unsubscribe, send email to [EMAIL PROTECTED] In the body of
> the email put the following: unsubscribe sonicwall your_name
> The archive of this list is at
http://www.mail-archive.com/sonicwall%40peake.com/
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/02
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/02
---
[This E-mail scanned for viruses by Declude/F-Prot AV]
===================================================================================================
To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the
following: unsubscribe sonicwall your_name
The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
