Setting up hardware firewall


  • Setting up hardware firewall

    Hello,

    I have been put in charge of IT for my company! I have an HND in computing but no real experience with networking as such, other than running cables and plugging them in!!

    We have a Netgear FVS124G firewall that I have been asked to set up!
    The current firewall is ISA server, but this is seriously slowing the internet so it was decided to use a hardware firewall!

    The current set up is.......



    How I would like it....



    I need help with setting up that hardware firewall. Someone said something about the firewall having to be on the same subnet as the modem and still be able to talk to the server. I'm confused!!!

    Can anyone tell me what I need to do? I have searched Google but can't find anything useful there!!

    thanks...

    iain

  • #2
    Re: Setting up hardware firewall

    Congratulations!

    OK, that firewall.
    How many UTP ports does it have?
    Usually it has 3 ports:
    1=Internet (Untrusted Zone)
    2=DMZ (Untrusted Zone or perimeter)
    3=LAN (Trusted Zone)

    Attach Zone 1 to your modem.

    About Zone 2 and 3, we need to know some things:

    1) What does that server do?
    2) Does it need to be reachable from the internet?
    3) If yes, what for?
    4) That switch, is it a level 2 or level 3 switch?
    5) In case of level 3, does it have routing or VLANs configured?
    [Powershell]
    Start-DayDream
    Set-Location Malibu Beach
    Get-Drink
    Lay-Back
    Start-Sleep
    ....
    Wake-Up!
    Resume-Service
    Write-Warning
    [/Powershell]

    BLOG: Therealshrimp.blogspot.com



    • #3
      Re: Setting up hardware firewall

      Ok, you're in the right hands here...

      First, what make of firewall..? Normally I would segment the network up into 2: outside firewall / inside.

      Inside firewall , this will become your network Default gateway.

      typical scenario:

      Server IP address: 192.168.0.1
      Subnet Mask: 255.255.255.0
      Default Gateway: 192.168.0.254
      DNS: 192.168.0.1

      (this would mean that the internal IP address of your firewall should be 192.168.0.254)

      Firewall Internal IP : 192.168.0.254
      Subnet Mask: 255.255.255.0

      Firewall External IP : 10.0.0.1
      Subnet Mask: 255.255.255.0

      Modem Internal IP address: 10.0.0.254
      Subnet Mask : 255.255.255.0

      You will also have to create the necessary firewall rules to allow traffic from the 10.0.0.x network to flow through to your 192.168.0.x network...

      I will create a mini network map of how all this should look for you...

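A consistency check for the addressing plan in post #3, added here as an illustration and not written by any poster in the thread. It tests the points the original question was confused about: the server must reach its gateway on its own subnet, the firewall's outside interface must share a subnet with the modem, and the inside and outside networks must not overlap. The dictionary keys and function names are assumptions made for this example.

```python
import ipaddress

# Addresses and masks exactly as given in post #3; the key names are ours.
PLAN = {
    "server":       ("192.168.0.1",   "255.255.255.0"),
    "fw_internal":  ("192.168.0.254", "255.255.255.0"),
    "fw_external":  ("10.0.0.1",      "255.255.255.0"),
    "modem_inside": ("10.0.0.254",    "255.255.255.0"),
}
SERVER_GATEWAY = "192.168.0.254"

def iface(name, plan):
    """Build an interface object (address plus network) from the plan."""
    addr, mask = plan[name]
    return ipaddress.ip_interface(f"{addr}/{mask}")

def check_plan(plan=PLAN, gateway=SERVER_GATEWAY):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    server, fw_in = iface("server", plan), iface("fw_internal", plan)
    fw_out, modem = iface("fw_external", plan), iface("modem_inside", plan)
    gw = ipaddress.ip_address(gateway)

    # A host can only use a default gateway that sits on its own subnet.
    if gw not in server.network:
        problems.append("server cannot reach its default gateway directly")
    if gw != fw_in.ip:
        problems.append("server gateway is not the firewall's inside address")
    # The firewall's WAN side and the modem's LAN side must share a subnet.
    if fw_out.network != modem.network:
        problems.append("firewall outside interface and modem are on different subnets")
    # Routing between inside and outside needs two distinct networks.
    if fw_in.network.overlaps(fw_out.network):
        problems.append("inside and outside networks overlap")
    # Host addresses must be unique and must not be network/broadcast addresses.
    seen = set()
    for name in plan:
        i = iface(name, plan)
        if i.ip in (i.network.network_address, i.network.broadcast_address):
            problems.append(f"{name} uses a network or broadcast address")
        if i.ip in seen:
            problems.append(f"{name} duplicates another address")
        seen.add(i.ip)
    return problems

if __name__ == "__main__":
    issues = check_plan()
    print("plan is consistent" if not issues else "\n".join(issues))
```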


      • #4
        Re: Setting up hardware firewall

        I will have a look at the firewall and double check the ports and get back to you on that one. The firewall itself is a Netgear VPN firewall FVS124G.
        I will also have a look at the network switch and get back to you on that!

        The server deals with IP allocating to all the client machines, plus it needs the internet for emails etc...

        thanks

        iain



        • #5
          Re: Setting up hardware firewall

          the netgear firewall has the following ports:
          Wan 1
          Wan 2

          Lan 1
          Lan 2
          Lan 3
          Lan 4

          the switch is a D-Link DES1024D 24 port, plugged into this is a 3Com 8way hub!

          Hope that this helps!!



          • #6
            Re: Setting up hardware firewall

            Connect WAN 1 to the modem
            Wan 2 is your DMZ, but looks like there is no DMZ, so don't plug anything.

            Connect Lan 1 to the switch and connect your server to your switch.

            Log in to your management console of the firewall.
            If you have one Public IP (if it is static),
            configure Wan1 to use this static Public IP.

            If you have multiple, check your ISA configuration.

            If you have one Public IP, create a VIP (Virtual IP) to your server for TCP port 25 (Mail) and port 80 (HTTP:OWA). If you use SSL, also open port 443.

            If you have multiple Public IPs, check your ISA or your MX record and create a MIP (Mapped IP). Also open TCP ports 25 (Mail, SMTP), 80 (HTTP) and 443 if needed.

            The easiest way to configure your firewall for inside traffic to go outside is to allow anything from trust to untrust.
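Once the forwards from post #6 are in place, the result can be verified from a machine outside the network against your own public address. The sketch below is an added example, not code from the thread: it confirms that TCP 25, 80 and 443 answer and that nothing else in a short list does. The extra ports probed and all function names are assumptions chosen for this example.

```python
import socket

# Ports post #6 says to publish to the mail/web server.
EXPECTED_OPEN = {25, 80, 443}
# Constructed list of other common services that should NOT answer from
# outside (an assumption for this example): FTP, SSH, Telnet, SMB, RDP, alt-HTTP.
ALSO_PROBE = {21, 22, 23, 445, 3389, 8080}

def is_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timed out) or unreachable
        return False

def audit(host, expected=EXPECTED_OPEN, extra=ALSO_PROBE, timeout=2.0):
    """Compare what answers on `host` with what the firewall should publish."""
    expected, extra = set(expected), set(extra)
    found = {p for p in sorted(expected | extra) if is_open(host, p, timeout)}
    return {
        "unexpected_open": sorted(found - expected),
        "expected_but_closed": sorted(expected - found),
    }

if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: python audit.py <your-own-public-ip>")
    report = audit(sys.argv[1])
    for key, ports in report.items():
        print(f"{key}: {ports if ports else 'none'}")
```

A port listed under `expected_but_closed` usually means the VIP/MIP or its service rule is missing; anything under `unexpected_open` is a forward left over from the old configuration or one that was never intended.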


            • #7
              Re: Setting up hardware firewall

              Originally posted by 16bit:
              Hello,

              The current firewall is ISA server, but this is seriously slowing the internet ...

              iain
              Hmmm! And what is the exact evidence for that? Perhaps it is just a lack of RAM. Is it installed on your SBS?
              TIA

              Steven Teiger [SBS-MVP(2003-2009)]
              http://www.wintra.co.il/
              I'm honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

              We don't stop playing because we grow old, we grow old because we stop playing.



              • #8
                Re: Setting up hardware firewall

                Originally posted by teiger:
                Hmmm! And what is the exact evidence for that? Perhaps it is just a lack of RAM. Is it installed on your SBS?
                The Server is maxed out on RAM so no it's not that!

                Our network support guy, before his contract ran out, said the internet was running slow due to ISA server!



                • #9
                  Re: Setting up hardware firewall

                  Hmmm, ISA won't delay internet that much. I'm very sure about this.
                  Maybe not enough disk space or a wrong configuration?

                  And how much memory does the machine have?
                  Marcel
                  Technical Consultant
                  Netherlands
                  http://www.phetios.com
                  http://blog.nessus.nl

                  MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                  "No matter how secure, there is always the human factor."

                  "Enjoy life today, tomorrow may never come."
                  "If you're going through hell, keep going. ~Winston Churchill"
