topic Re: Firewall Implementation in Network Security

Firewall Implementation

Maro.Cisco — Tue, 12 Mar 2019 02:04:07 GMT

Is it advisable to place a firewall infront of my server farm???? and why

Re: Firewall Implementation

Scott Fella — Thu, 27 Jun 2013 15:40:59 GMT

Firewall questions should be posted in the Security Firewall forum. This forum is strictly wireless.

Sent from Cisco Technical Support iPhone App

Re: Firewall Implementation

Julio Carvajal — Sat, 29 Jun 2013 04:03:12 GMT

Hello Maro,

A firewall is a device that will be place into the network to filter traffic (depending on the security policies your managment team has set) to protect the internal resources from both internal and outside threaths,

So if you place a firewall in front of a server farm that will protect them it would be amazing,

Now remember that you will need to configure the firewall to allow access to those servers on the right ports/services,

Regards

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Firewall Implementation

Maro.Cisco — Sat, 29 Jun 2013 04:20:30 GMT

ok what do u think about this implementation ,

i have servers that will be exposed to the internet access , also i have server farm which will be used to internal use , now what do u think of this design , Internet-----Redundant Firewall1 with IPS------Firewall 2----------Core switch -------------Distributuion switchs-------------End user.

Firewall1: outer interface to internet , Internal interface to firewall2 , DMZ interface to DNS and EMail server

Firewall2 : Outer interface to firewall1 , DMZ interface to Server Farm , internal interface for core switchs.

Firewall Implementation

Julio Carvajal — Sat, 29 Jun 2013 04:30:49 GMT

Hello Maro,

It's looks like you will need to be less restrictive on the Outside firewall as you will have some servers on the DMZ but you can be as restrictive as you want on the 2 ASA,

I like the approach as you are not just adding one layer of security, you are going beyond that which is pretty good,

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Firewall Implementation

Maro.Cisco — Sat, 29 Jun 2013 04:46:35 GMT

Thank you but one last question , i have bluecoat which is acting as a internet proxy server to wireless users and websense for lan users access where shall i place those devices ???

Firewall Implementation

Julio Carvajal — Sat, 29 Jun 2013 05:27:25 GMT

Hello Maro,

That depends, if it's just for wireless users you could place it on the same vlan than them (so the ASA does not need to handle that process{Redirect traffic to the Websense server}) but if you need to forward the traffic from multiple subnets you will then need to consider using the ASA to redirect the traffic to those proxies,

Regards

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Firewall Implementation

Maro.Cisco — Sat, 29 Jun 2013 06:24:24 GMT

yes for being restrictive on the firewall2 which is connected to server farm and internal users , the link connected to firewall1 will be level 0 thus no traffic will be allowed by default from firewall1 going to server farm or internal users, on the otherhand traffic from internal users to serverfarm will be allowed as they will have a higher level security but i would even make policy that traffic going from internal users to server farm would be allowed based on specific servers ports.

Firewall Implementation

Julio Carvajal — Sat, 29 Jun 2013 15:41:32 GMT

Hello Maro,

Excellent,

I have sent you a private message

Regards,

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Firewall Implementation

Maro.Cisco — Sun, 30 Jun 2013 13:10:14 GMT

Hello Jcarvaja ,

im not sure if i got your point about where to attach my websense and bluecoat servers should it be connected to the outside firewall or the 2nd firewall which is better as best practise???.

Firewall Implementation

Julio Carvajal — Sun, 30 Jun 2013 16:12:24 GMT

Hello Maro,

I meant to say:

I guess you are gonna use it to filter the traffic being generated by the inside users right?

So you could place it on the same interface than the clients, in this way traffic will reach the ASA and go redirected to the right server so traffic can be filtered,

Regards

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Firewall Implementation

Maro.Cisco — Sun, 30 Jun 2013 16:42:25 GMT

i was thinking to connect my bluecoat server ( guest wireless users) and my websense ( Wired internet traffic) to Firewall1 DMZ interface ???? so upload traffic going from internal users to internet will be PC>>Distrubtion switch > Core Switch >>> Firewall2 >>>> Firewall 1 >>> DMZ >>Blue Coat / Websense>>>Firewall1 >>>> Internet????

Firewall Implementation

Julio Carvajal — Sun, 30 Jun 2013 17:10:16 GMT

Hello Maro,

I mean, you should redirect the traffic at the firewall level and it should work,

No problem at all where you place it, it just that depending where you place it traffic will need to go further,

But again if everything is properly configured you should be good

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.