Monday, May 9, 2011

Connecting modem-2950-2 gateway/firewall appliances



Here's what I would like the setup to look like. The dashed lines are not to be touched and are on a separate VLAN (say VLAN 100). Policies are set on the FortiGate to prevent the DMZ side of things from communicating with the internal side of things, other than the internal DNS/AD (one and the same) servers. Now if I were to configure the 4 ports on the right of the DMZ to VLAN 200 and set them to just regular switchports, would this setup be sufficient for sharing the ISP between the two gateways? My guess is no, since there has got to be some kind of routing between the 2 appliances... but I was led to believe this was set up and functional previously in this way.
What you are trying to achieve is getting one single Internet link connected to both of your firewall appliances, using a switch to split the connection. That is possible; just remember to use a separate VLAN and, if possible, a switch other than the one you are already using for other functions, so that you are not creating a single point of failure for two segments of your network. As for the firewalls, I'm not familiar with the FortiGates on this matter, but with Cisco ASA appliances you can use one single IP if they are in a failover cluster; optionally you can use two, but that is to manage the standby one for IOS updates, etc. But I'd rather use the internal IP address instead of wasting one public IP address only for management purposes.

Citation - This blog post does not reflect original content from the author. Rather, it summarizes content that is relevant to the topic from different sources on the web. The sources might include any online discussion boards, forums, websites and others.
