01-31-2005 12:36 PM - edited 03-02-2019 09:23 PM
Hi all,
We need to change the network configuration in the company.
Actually we have Switch-Routers (non-Cisco) to manage the routing packets. Users and Servers have access to the Internet through a Cisco 520 Pix Firewall.
This firewall has two DMZs for other uses, like e-commerce, external users.
The users and servers are on different VLANs.
The new configuration we need is:
- Add a new firewall (Pix 515E) into the network only for the Internet access of the users.
- The old firewall will be used for the Internet access of the servers located in the LAN and for the services located in the DMZs.
- Both firewalls will be connected to the internet.
My questions are,
1. How can I route the inside packets to each firewall according to my needs? For example, when packets from a user need access to the Internet, or when packets come from a server located in the LAN and I want it to use the Internet connection located on the old firewall?
2. I think one of the issues is using different default gateways depending on the interface (VLAN). Is this correct? Which commands do I have to use? At the moment the main switch-router uses one default gateway, the firewall's IP address in use.
Thanks in advance,
Regards,
Carlos Welhous
Network Engineer
1(809)334-7180
Dominican Republic
02-04-2005 10:51 AM
I want to share some summarized tasks you should perform when you first configure your PIX Firewall to establish unrestricted outbound connectivity through the firewall. For more information, please refer to the link below.
02-04-2005 11:05 PM
I assume that your Internet router is different than your internal router. So you can do policy routing on your internal router. Then from that router, depending on the destination, you can set the default gateway to either firewall. You have to check whether that non-Cisco router supports policy routing. Please post the topology mentioning router-firewall.
02-05-2005 07:18 AM
A static route for all of your internal address blocks, a default route to the second (Internet) firewall.
Everything destined to an internal server is caught by the statics, any other unknown address is sent to the Internet Firewall.
You can get fancier than that but, generally, keeping it as simple as possible is usually a good rule to follow.
Good Luck
Scott
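The policy-routing approach suggested in the replies above, combined with a plain default route, written as an added example that is not part of the original thread. It uses Cisco IOS syntax as an assumption (the poster's switch-router is non-Cisco, so the commands will differ on that device), and all addresses, VLAN numbers and names are constructed.

```cisco
! Constructed addressing (assumptions, not taken from the thread):
!   user VLANs            10.10.0.0/16
!   server VLANs          10.20.0.0/16
!   old PIX 520 inside    10.0.0.1   (servers and DMZ services)
!   new PIX 515E inside   10.0.0.2   (user Internet access only)

! Default route: anything that is not policy-routed, including
! traffic sourced from the server VLANs, keeps using the old PIX 520.
ip route 0.0.0.0 0.0.0.0 10.0.0.1

! Select user-sourced traffic that is leaving the internal network.
! The deny entry comes first so user-to-server and other inter-VLAN
! traffic is NOT policy-routed and follows the normal routing table.
! If the DMZs use ranges outside 10.0.0.0/8, add a deny entry for
! each of them so users still reach DMZ services via the old PIX.
ip access-list extended USERS-TO-INTERNET
 deny   ip 10.10.0.0 0.0.255.255 10.0.0.0 0.255.255.255
 permit ip 10.10.0.0 0.0.255.255 any

! Matching packets are forwarded to the new PIX 515E instead of
! the default gateway. Packets that do not match fall through
! to destination-based routing.
route-map USER-INTERNET permit 10
 match ip address USERS-TO-INTERNET
 set ip next-hop 10.0.0.2

! Policy routing is applied on the ingress interface, so the
! route-map goes on every user VLAN interface and on none of
! the server VLAN interfaces.
interface Vlan10
 description Users (constructed example VLAN)
 ip address 10.10.10.1 255.255.255.0
 ip policy route-map USER-INTERNET
```

Each firewall also needs inside routes for the internal subnets pointing back at the switch-router, and each one translates outbound traffic to its own outside addresses so replies return through the same firewall that forwarded the request.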