Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

A Server with two nic cards, don't see how.

  • Filter
  • Time
  • Show
Clear All
new posts

  • A Server with two nic cards, don't see how.


    I am studying Direct Access within Windows 2012 R2.

    At some point the online teacher says it can be deployed in a two-card-nic scenario , and I am trying to figure out how.

    I came up with the graph I attach, which shows a Direct Access server in a DMZ with only one nic adapter.

    I used to do it like that with other services, putting in that DMZ with only one NIC.

    I placed the question here, should I put it into the Windows 2012 server ?, I think it concerns primarily to networking though.

    Edition: I know that there are several single points of failure in that graph.

    Thanks in advance!
    Attached Files
    Madrid (Spain).

  • #2
    If you were using two NICs, you'd do it something like this. It's a bit simplified and doesn't apply switches etc.
    At the left hand side, you have the Untrust zone. In the middle, you have the DMZ zone, at the right hand side, the Trust zone.

    The Red firewall between Untrust and DMZ is your public firewall. Each of those red cables to a blue DMZ server is the physical connection to the "Untrust" or public side of the DMZ Server.
    The DMZ Servers then have a second NIC (Orange, for DMZ-to-Trust zone) and connects to an internal firewall.
    The Orange filewall between DMZ and Trusted is your internal firewall. The green cables to the internal servers represent the trusted network zone.

    Then, you apply your firewall rules so traffic transitting Untrust firewall is only allowed to connect to specific IP addresses in the DMZ (whether these are legit public ip addresses like or if you're doing NAT) on specific ports.
    Same on the internal firewall. Traffic is only allowed to transit DMZ from specific IP addresses to specific internal addresses.
    Traffic is also generally denied to the DMZ, unless it's return traffic.

    You could use ISA for your firewalls, or you could use PIX, ASA, Fortigate, Juniper, whatever.

    The whole theory here is, each zone is isolated.

    you'd also want to hae separate switches everywhere.. posibly use vlans,..

    It's hard to say how you'd use two NICs in your scenario, without knowing quite a bit more - like how the physical nics (or virtual nics...) would be physically connected.

    Attached Files
    Please do show your appreciation to those who assist you by leaving Rep Point


    • #3
      Thank you so much TehCamel !!

      I really appreciate it. I am not new to firewalls and networking but not an expert either at all.
      Last edited by loureed4; 22nd March 2016, 12:15.
      Madrid (Spain).