Sunday, March 25, 2012

Adding a Firewall Appliance - Does it give me security?

I have an existing server (2003 Standard) hosting several sites, with all
the bells and whistles. I have a new application I want to add which
requires the addition of a firewall appliance (I'm looking at a Cisco 506, but
that shouldn't matter). I need this both for the VPN tunnels and for security
issues.
I have approx. 24 IPs running on this machine, with about 20 of them used for
different sites. I don't think I can assign this many IPs to a DMZ (can
I?). So, I'm trying to come up with some other solution.
What I'm thinking of doing is just adding a new Ethernet connection
(actually just using the spare I have) connected to the firewall, giving the
firewall one of the unused IP addresses. Thus, I will have two subnets: my
existing IP allotment (minus the 1), and the 192.168.xxx.xxx that I get
from the firewall. I plan to have SQL Server 2005 instances running on the
IP addresses in the 192.168.xxx.xxx block.
I know this way is essentially stupid, but my client won't spring for a new
server, so I'm trying to make something work. This will give me my VPN
tunnels, so that is half the problem. My question is, does this provide me
any additional security at all? Is there any way to have the server
partitioned so that some of it is highly secure while some of it remains
essentially a DMZ?

The real question would be why would installing a new application require a
change in the LAN topology involving a firewall device? That makes no
sense... Applications are supposed to be oblivious to the underlying
topology.
Yes, introducing a firewall changes the LAN topology unless it is replacing
an already existing device.
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
"Phil" <prounds@.cassandragroup.com> wrote in message
news:u%23aLPichGHA.4388@.TK2MSFTNGP05.phx.gbl...
> I have an existing server (2003 Standard) hosting several sites, with all
> the bells and whistles. I have a new application I want to add which
> requires the addition of a firewall appliance (I'm looking at a Cisco 506, but
> that shouldn't matter). I need this both for the VPN tunnels and for security
> issues.
> I have approx. 24 IPs running on this machine, with about 20 of them used for
> different sites. I don't think I can assign this many IPs to a DMZ (can
> I?). So, I'm trying to come up with some other solution.
> What I'm thinking of doing is just adding a new Ethernet connection
> (actually just using the spare I have) connected to the firewall, giving the
> firewall one of the unused IP addresses. Thus, I will have two subnets: my
> existing IP allotment (minus the 1), and the 192.168.xxx.xxx that I get
> from the firewall. I plan to have SQL Server 2005 instances running on the
> IP addresses in the 192.168.xxx.xxx block.
> I know this way is essentially stupid, but my client won't spring for a new
> server, so I'm trying to make something work. This will give me my VPN
> tunnels, so that is half the problem. My question is, does this provide me
> any additional security at all? Is there any way to have the server
> partitioned so that some of it is highly secure while some of it remains
> essentially a DMZ?
>
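A check a practitioner would run before trusting the layout Phil describes, added here as an illustration and not taken from either post: on a single dual-homed server the appliance only sees packets that arrive through the NIC it is cabled to, so what actually decides whether the SQL Server instances are reachable from the public allotment is the local address each service is bound to, not the presence of the firewall. The script below parses constructed `netstat -ano` style output (the addresses, ports and PIDs are made up for the example; 203.0.113.0/24 stands in for the public allotment and 192.168.10.0/24 for the firewall-side block in the question) and flags services that listen on 0.0.0.0, which is every interface, public ones included. This is example code, not the poster's or the appliance vendor's:

```python
"""Classify the listening TCP services on a dual-homed Windows host by which
side of the host can reach them.

Added example, not from the newsgroup thread.  The point: a firewall on the
second NIC filters only traffic that enters through that NIC.  A service
bound to 0.0.0.0 still answers on every public address the server owns, so
"partitioning" one host comes down to per-service bind addresses (and
host-based filtering), not to the appliance.
"""
import ipaddress
import re

# Constructed sample of `netstat -ano` output (not captured from a real host).
# 203.0.113.0/24 plays the public allotment, 192.168.10.0/24 the subnet that
# sits behind the firewall appliance.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1588
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       2104
  TCP    192.168.10.5:1434      0.0.0.0:0              LISTENING       2188
  TCP    203.0.113.21:443       0.0.0.0:0              LISTENING       1588
  TCP    203.0.113.21:3389      0.0.0.0:0              LISTENING       940
  TCP    203.0.113.21:80        198.51.100.7:51230     ESTABLISHED     1588
"""

PUBLIC_SUBNET = ipaddress.ip_network("203.0.113.0/24")       # assumption
FIREWALLED_SUBNET = ipaddress.ip_network("192.168.10.0/24")  # assumption

# One netstat row: proto, local addr:port, foreign addr:port, state, pid.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def parse_listeners(netstat_text):
    """Return (bind_address, port, pid) for every TCP row in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return listeners


def exposure(bind_addr):
    """Which side of the dual-homed host can reach a socket bound to bind_addr."""
    addr = ipaddress.ip_address(bind_addr)
    if addr.is_unspecified:            # 0.0.0.0 (or ::) means all interfaces
        return "public+firewalled"
    if addr in PUBLIC_SUBNET:
        return "public"
    if addr in FIREWALLED_SUBNET:
        return "firewalled"
    return "other"


def publicly_reachable_ports(netstat_text, want_private=(1433, 1434)):
    """Ports the operator expects to be behind the firewall but which are
    reachable on a public address (wildcard or explicit public bind)."""
    leaks = set()
    for bind_addr, port, _pid in parse_listeners(netstat_text):
        if port in want_private and exposure(bind_addr) != "firewalled":
            leaks.add(port)
    return sorted(leaks)


if __name__ == "__main__":
    for bind_addr, port, pid in parse_listeners(SAMPLE_NETSTAT):
        print(f"{bind_addr}:{port} (pid {pid}) -> {exposure(bind_addr)}")
    print("SQL ports reachable from the public side:",
          publicly_reachable_ports(SAMPLE_NETSTAT))
```

In the sample the default instance on 1433 is bound to the wildcard address, so it answers on all of the public IPs exactly as if the appliance were not there; the named instance bound explicitly to 192.168.10.5 is the only listener the firewall actually sits in front of. On the real server, feed the output of `netstat -ano` to parse_listeners and adjust the two subnets to the real allotment. Even with every SQL listener bound to the 192.168 side, both halves still share one operating system, one set of local accounts and one process space, which no bind address or appliance changes.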