https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147197#M359752 <HTML><HEAD></HEAD><BODY><P>Compared to what Microsoft wants it to be a disadvantage is that the Edge Server won't be acting as a security device. Also you'll have to create NAT's and ACL's on the backside firewall for connectivity to the corporate LAN. I personally don't see those as disadvantages (and neither do most security engineers), but Microsoft doesn't like it. </P></BODY></HTML> Fri, 22 Mar 2013 02:31:58 GMT Collin Clark 2013-03-22T02:31:58Z https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147188#M359743 <P>Hi ,</P><P></P><P></P><P>I have to configuration for data center network with two tier firewall.</P><P></P><P>Our data centre will DMZ server and Microsoft Lync Server.</P><P></P><P>Server team advise me to put DMZ servers between two firewall.</P><P></P><P>So I need to NAT on front end firewall with DMZ LAN and Public IP addres.</P><P></P><P>At Back end firewall also have to NAT ( internal LAN and DMZ second Interface)</P><P></P><P>Please check as below link: which design do you prefer?</P><P></P><P><A href="http://etherealmind.com/design-enterprise-dmz-firewall-clusters/" target="_blank">http://etherealmind.com/design-enterprise-dmz-firewall-clusters/</A></P><P></P><P></P><P>Please advise me.</P><P></P><P>Thanks,</P><P></P><P>Ko Htwe</P> Tue, 12 Mar 2019 01:17:19 GMT https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147188#M359743 aung.htwe 2019-03-12T01:17:19Z https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147189#M359744 <HTML><HEAD></HEAD><BODY><P>I usually do a DMZ between the firewalls. I recently did that with a Lync deployment and it works just fine.</P></BODY></HTML> Thu, 21 Mar 2013 18:25:32 GMT https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147189#M359744 Collin Clark 2013-03-21T18:25:32Z https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147190#M359745 <HTML><HEAD></HEAD><BODY><P>Thanks Collin,</P><P></P><P>Can I used this design? please advise me.</P><P></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/6/8/7/132786-desktop.jpg" class="jive-image" /></P><P></P><P>Please advise me thanks,</P><P></P><P>Ko Htwe</P></BODY></HTML> Fri, 22 Mar 2013 00:28:13 GMT https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147190#M359745 aung.htwe 2013-03-22T00:28:13Z https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147191#M359746 <HTML><HEAD></HEAD><BODY><P>That will work, but it doesn't make much sense and makes it more complicated than it needs to be. Why have dual NIC's in the servers with one in each network? That will make it a routing mess on the servers. Why not have a single NIC in the server and place it in the 192.168.0.0/24 network?</P></BODY></HTML> Fri, 22 Mar 2013 00:54:29 GMT https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147191#M359746 Collin Clark 2013-03-22T00:54:29Z https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147192#M359747 <HTML><HEAD></HEAD><BODY><P>Hi Collin,</P><P></P><P>This server is lync edge server. My idea is one network card for to NAT with public IP adddress ( 172.16.2.x NAT with Public IP ). One is for the Internal Firewall To NAT with internal network. (20.20.0.x NAT with internal IP 10.10.0.x).</P><P>Your suggestion is want to use one NIC with one IP address for DMZ server going to both firewall, is it ?</P><P>Please advise me, thanks.</P><P></P><P></P><P>&nbsp; Thanks,</P><P>&nbsp;&nbsp; Ko Htwe</P></BODY></HTML> Fri, 22 Mar 2013 01:49:11 GMT https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147192#M359747 aung.htwe 2013-03-22T01:49:11Z https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147193#M359748 <HTML><HEAD></HEAD><BODY><P>By using one NIC in the server, you can accomplish the same thing as two NIC's and I think it keeps the design simpler.</P></BODY></HTML> Fri, 22 Mar 2013 01:53:56 GMT https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147193#M359748 Collin Clark 2013-03-22T01:53:56Z https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147194#M359749 <HTML><HEAD></HEAD><BODY><P>Thanks Collin, I appreciated that.If I will do this design what will be cause the issue and what will have adavantages?</P><P></P><P>Thanks,</P><P></P><P>Ko Htwe</P></BODY></HTML> Fri, 22 Mar 2013 02:16:25 GMT https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147194#M359749 aung.htwe 2013-03-22T02:16:25Z https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147195#M359750 <HTML><HEAD></HEAD><BODY><P>What do you mean by cause the issue?</P></BODY></HTML> Fri, 22 Mar 2013 02:19:04 GMT https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147195#M359750 Collin Clark 2013-03-22T02:19:04Z https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147196#M359751 <HTML><HEAD></HEAD><BODY><P>Hi Collin,</P><P></P><P>If I will use this desing, what is the disadvantages?</P><P></P><P></P><P>Thanks,</P><P></P><P>Ko Htwe</P></BODY></HTML> Fri, 22 Mar 2013 02:27:25 GMT https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147196#M359751 aung.htwe 2013-03-22T02:27:25Z https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147197#M359752 <HTML><HEAD></HEAD><BODY><P>Compared to what Microsoft wants it to be a disadvantage is that the Edge Server won't be acting as a security device. Also you'll have to create NAT's and ACL's on the backside firewall for connectivity to the corporate LAN. I personally don't see those as disadvantages (and neither do most security engineers), but Microsoft doesn't like it. </P></BODY></HTML> Fri, 22 Mar 2013 02:31:58 GMT https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147197#M359752 Collin Clark 2013-03-22T02:31:58Z https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147198#M359753 <HTML><HEAD></HEAD><BODY><P>Thanks Collin,</P><P></P><P></P><P>Please check it this design, actually I propose this design. Can you advise me for advantages and disadvantages?</P><P></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/9/8/7/132789-desktop2.jpg" class="jive-image" /></P><P></P><P></P><P>Thanks,</P><P></P><P>Ko Htwe</P></BODY></HTML> Fri, 22 Mar 2013 02:57:46 GMT https://community.cisco.com/t5/network-security/two-tier-firewall/m-p/2147198#M359753 aung.htwe 2013-03-22T02:57:46Z