I have an ISA 2000 firewall and would like to set up an additional hardware firewall, a SonicWall firewall. As to my understanding, the ISA requires two NIC cards to work. One for the LAN and one for the WAN. Also the same config is on the SonicWall, one LAN port and one WAN port.
My question is how can I incorporate the SonicWall firewall to our existing ISA firewall since I would like to have a network setup wherein I have the advantage of a hardware and a software firewall?
Well, it's a bit hard to help you out without an idea of what you want your network topology to look like. If you want the advantage of both, I would suggest you place the hardware firewall closer to the perimeter (aka your border router / WAN link). After that you give yourself some DMZ space, and then you protect your internal network with the software firewall.
This way you reap the benefits of the dual protection for the internal network while the DMZ still remains protected behind the hardware firewall.
Many different setups come to mind. Read the 'firewall topologies' section for some ideas. However, just chaining them one behind the other without anything in the middle doesn't really seem worth the effort and expenditure, not to mention the more complex you make these things, the more likely they are to fail because of some simple misconfiguration.
Greetings, I too have the same configuration, using ISA with SonicWall. You have to be very careful with double-NAT configuration as it will break some of your traffic/applications.
Depending on what you're trying to do and your current SonicWall device, the overall design changes. SonicWall Soho Tele, TZ-170, 2040? Enhanced OS or Standard? ISA with 1 or 2 NICs? ISA, to be sure, needs two NICs, 1 if it's just a proxy.
Email me directly if you need some more help.
Cybershield Sr. Engineer.
MCSE, SonicWall Reseller, Security certified blah blah etc. etc.
My apologies if I was not clear with my inquiry. Well, our ISA server uses two (2) NICs, one for the external IP (or for the WAN) and one for the internal IP (for the LAN), and the SonicWall firewall is a SOHO3.
The setup that I would like to do is that I would like to build a tight defense by using the two firewalls. I'm planning to put a DMZ in between. (I don't know if I'm right on this, but can I put something like a mail relay in the DMZ so that I could filter incoming mails, and those that have virus attachments are quarantined in the mail relay before entering the internal email server? Please correct me if I'm wrong.)