Question on Network Setup

I have a question about 2 diferent options for a network for a small company.
We have about 30 client machines running Windows XP, a server running Windows
2003 Server (Server1) hosting Website, Database, corporate documents, windows
shares, active directory, DNS and dhcp. We have another server running
Windows 2003 Server (Server2) set up as our mail server. We are using a
SonicWall TZ170 for our gateway. We also have a Netscreen 5xp
router/firewall. Below are 2 different network setups that I would like to
get the opinion of the group as to what the best setup would be, and why.

Setup 1 - Netscreen 5xp firewall is the gateway (Public address
xxx.xxx.xxx.162)for the LAN. Private side goes to internal lan switch. Server
1 has 2 NICS. Private NIC goes to internal lan switch, public NIC goes to
SonicWall firewall private side. Sonicwall firewall (public IP address is
xxx.xxx.xxx.162). All external http and database request to the Server1 go
through the SonicWall firewall to the server on the public NIC. All LAN
traffic to Server1 gets handled by the private NIC on the server. All client
machines use the Netscreen 5xp as there gateway to the outside world.

Setup 2 - In this setup, the netscreen 5xp is not used. the SonicWall and
Server1 are used as the gateway. Private side of the SonicWall goes to the
public NIC on Server1. Private NIC on Server1 goes to the LAN switch. All
client traffic on the LAN is routed through the server to the SonicWall using
Remote access and routing. All http and database requests come in on the
public NIC on server1.

Thanks in advance for any comments.

Patrick Parks

Correction to below, the SonicWall Firewall Public IP address is
xxx.xxx.xxx.163.

"Patrick Parks" wrote:

> I have a question about 2 diferent options for a network for a small company.
> We have about 30 client machines running Windows XP, a server running Windows
> 2003 Server (Server1) hosting Website, Database, corporate documents, windows
> shares, active directory, DNS and dhcp. We have another server running
> Windows 2003 Server (Server2) set up as our mail server. We are using a
> SonicWall TZ170 for our gateway. We also have a Netscreen 5xp
> router/firewall. Below are 2 different network setups that I would like to
> get the opinion of the group as to what the best setup would be, and why.
>
> Setup 1 - Netscreen 5xp firewall is the gateway (Public address
> xxx.xxx.xxx.162)for the LAN. Private side goes to internal lan switch. Server
> 1 has 2 NICS. Private NIC goes to internal lan switch, public NIC goes to
> SonicWall firewall private side. Sonicwall firewall (public IP address is
> xxx.xxx.xxx.162). All external http and database request to the Server1 go
> through the SonicWall firewall to the server on the public NIC. All LAN
> traffic to Server1 gets handled by the private NIC on the server. All client
> machines use the Netscreen 5xp as there gateway to the outside world.
>
> Setup 2 - In this setup, the netscreen 5xp is not used. the SonicWall and
> Server1 are used as the gateway. Private side of the SonicWall goes to the
> public NIC on Server1. Private NIC on Server1 goes to the LAN switch. All
> client traffic on the LAN is routed through the server to the SonicWall using
> Remote access and routing. All http and database requests come in on the
> public NIC on server1.
>
> Thanks in advance for any comments.
>
> Patrick Parks

"Patrick Parks" <(E-Mail Removed)> wrote in message
news:47D2323B-7448-4804-B482-(E-Mail Removed)...
> Setup 1 - Netscreen 5xp firewall is the gateway (Public address
> xxx.xxx.xxx.162)for the LAN. Private side goes to internal lan switch.
Server
> 1 has 2 NICS. Private NIC goes to internal lan switch, public NIC goes to
> SonicWall firewall private side. Sonicwall firewall (public IP address is
> xxx.xxx.xxx.16[3]). All external http and database request to the Server1
go
> through the SonicWall firewall to the server on the public NIC. All LAN
> traffic to Server1 gets handled by the private NIC on the server. All
client
> machines use the Netscreen 5xp as there gateway to the outside world.

Won't work. Addressing is wrong. Either use the Netscreen by itself or use
proper addressing to create a Back-to-Back DMZ with the SonicWall.

> Setup 2 - In this setup, the netscreen 5xp is not used. the SonicWall and
> Server1 are used as the gateway. Private side of the SonicWall goes to the
> public NIC on Server1. Private NIC on Server1 goes to the LAN switch. All
> client traffic on the LAN is routed through the server to the SonicWall
using
> Remote access and routing. All http and database requests come in on the
> public NIC on server1.

Why is Server1 involved? Use the SonicWall by itself.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Phillip Windell wrote:
> Why is Server1 involved? Use the SonicWall by itself.
>

Thanks, this is what I wanted to confirm. Why would the ppl who set this
up use NAT through the server, then NAT through the SonicWall? I asked
them the same question, and the answer I got was "We do this all the
time with other clients"

"Patrick Parks" <(E-Mail Removed)> wrote in message
news:kWc2e.8595$a%(E-Mail Removed)...
>Thanks, this is what I wanted to confirm. Why would the ppl who set this
>up use NAT through the server, then NAT through the SonicWall? I asked
>them the same question, and the answer I got was "We do this all the time
>with other clients"

Possibly because they thought they wanted a back-to-back DMZ.

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

As Todd said,...this creates a Back-to-Back DMZ. That is fine if you want
one,..and know how to deal with one. If it is working fine that way and you
aren't having trouble, then leave it that way,..it is a legitiment setup. I
just always suggest the most simplest method when I reply to people and I
don't try to push them into certain types of more complex setups if I either
feel they might not understand it or know how to manage it after the fact.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Patrick Parks" <(E-Mail Removed)> wrote in message
news:kWc2e.8595$a%(E-Mail Removed)...
> Phillip Windell wrote:
> > Why is Server1 involved? Use the SonicWall by itself.
> >
>
> Thanks, this is what I wanted to confirm. Why would the ppl who set this
> up use NAT through the server, then NAT through the SonicWall? I asked
> them the same question, and the answer I got was "We do this all the
> time with other clients"

Thanks both of you for the replies. I am by far an expert, but I am
pretty well versed in networks and setups. The Windows part of the
equation is what is fairly new to me. I came over from the Linux side to
Windows 2003 Server











Phillip Windell wrote:
> As Todd said,...this creates a Back-to-Back DMZ. That is fine if you want
> one,..and know how to deal with one. If it is working fine that way and you
> aren't having trouble, then leave it that way,..it is a legitiment setup. I
> just always suggest the most simplest method when I reply to people and I
> don't try to push them into certain types of more complex setups if I either
> feel they might not understand it or know how to manage it after the fact.
>
>

"Patrick Parks" <(E-Mail Removed)> wrote in message
news:S1n2e.15232$%(E-Mail Removed)...
> Thanks both of you for the replies. I am by far an expert, but I am
> pretty well versed in networks and setups. The Windows part of the
> equation is what is fairly new to me. I came over from the Linux side to
> Windows 2003 Server

Ok. That's fine.
I just don't actually "know" the people I reply to, and I would rather
underestimate their ability than over estimate it,..it is safer :-)

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com