easy about firewall

The Firewall keeps two NICs. The question is wether the Web Server goes on
one side of the firewall or the other.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Hernán Castelo" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> hi
> currently i have an intranet
> attached to a firewall (2 cards)
> internet access is provided by another department (edu domain)
>
> now, i have to connect a web server in my department ...
> it is a good idea to install one more card at the firewall
> 1 for the LAN, 1 exclusively for the webserver ?
>
> thanks
>

hi
currently i have an intranet
attached to a firewall (2 cards)
internet access is provided by another department (edu domain)

now, i have to connect a web server in my department ...
it is a good idea to install one more card at the firewall
1 for the LAN, 1 exclusively for the webserver ?

thanks

Hernán Castelo wrote:
> hi
> currently i have an intranet
> attached to a firewall (2 cards)
> internet access is provided by another department (edu domain)
>
> now, i have to connect a web server in my department ...
> it is a good idea to install one more card at the firewall
> 1 for the LAN, 1 exclusively for the webserver ?

It sounds like you are talking about a DMZ; there is rather more to setting
up a firewall system to support this kind of configuration than shoving
another network card into it.

thanks

internet is provided by other department
we have our own firewall machine
behind the firewall is my web server
incomming traffic would be destinated
to LAN users or web server

Your firewall must "publish" the web server so that others on the opposite
side can get to it. See your firewall's documentation,...every vendor does
it differently. They also like to write the dictionary to suit themselves,
so what one means by a certain "term" may not be the same thing a different
company means by the same "term".

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Hernán Castelo" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> thanks
>
> internet is provided by other department
> we have our own firewall machine
> behind the firewall is my web server
> incomming traffic would be destinated
> to LAN users or web server
>

thanks

we currently have a firewall computer running Linux,
and our intranet behind the firewall,
nothing more

i just want to isolate the LAN
from the web server, like it would run stand alone
(in order to reduce the scope of a potential attack)
so, how can i do this?
much better if i dont need another card
since i dont need to call the "linux guy"

in a nutshell, i have:
internet ---> InterNet Services Department ---> myFireWall ---> myLAN

i want :
internet ---> InterNet Services Department ---> myFireWall ---> myWEB
.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.. ---> myLAN

thanks
the web app has already its domain
and was currently running,
it is stopped for security upgrades:
the web app was pretty unsecure

"Hernán Castelo" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> i want :
> internet ---> InterNet Services Department ---> myFireWall ---> myWEB
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.. . . . . . . .
> . ---> myLAN


Your firewall must "publish" the web server so that others on the opposite
side can get to it. See your firewall's documentation,...every vendor does
it differently. They also like to write the dictionary to suit themselves,
so what one means by a certain "term" may not be the same thing a different
company means by the same "term".

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com