SBSuser
Guest
Posted: Fri Dec 31, 2004 10:26 pm
Post subject: Two Nics really needed?

I have the following scenario:
T-1 Router - Cisco PIX firewall - Switch - Server and
Workstations
The PIX, server and WS's connect to the Switch.
The PIX connects Ethernet 0 to Internet thru the router
and connects Ethernet 1 (internal) to the Switch
My boss insists I need to implement two NICs on the SBS
server. I think we do not need it.
What's your opinion?
Merv Porter [SBS-MVP]
Guest
Posted: Fri Dec 31, 2004 11:47 pm
Post subject: Re: Two Nics really needed?

Security in layers... 2 NICs are a better insurance policy. If your PIX is
breached, your entire LAN is exposed. If you implemented SBS 2000 with 2
NICs, you could have ISA running in "integrated (firewall) mode" on the
server. This gives you the PIX as the first line of defense and ISA on the
external NIC as a second line of defense. Of course, there's a learning
curve with ISA and the complexity of administering your network is
marginally increased. But it all comes down to risk assessment.
--
Merv Porter [SBS MVP]
===================================
"SBSuser" <anonymous@discussions.microsoft.com> wrote in message
news:0b6301c4ef55$7d385940$a401280a@phx.gbl...
| Quote: | I have the following scenario:
T-1 Router - Cisco PIX firewall - Switch - Server and
Workstations
The PIX, server and WS's connect to the Switch.
The PIX connects EThernet 0 to Internet thru the router
and connects Ethernet 1(internal) to the Switch
My boss insists I need to implement two Nic's on the SBS
server. I think we do not need it.
What's your opinion?
SBSuser
Guest
Posted: Sat Jan 01, 2005 12:07 am
Post subject: Re: Two Nics really needed?

OK Merv, that sounds good. Considering my scenario and
adding the other NIC. How would you rearrange my layout
keeping the PIX in there? How would you connect the devices
(sequence)? What changes in configuration?
Thanks
| Quote: | -----Original Message-----
Security in layers... 2 NICs are a better insurance policy. If your PIX is
breached, your entire LAN is exposed. If you implemented SBS 2000 with 2
NICs, you could have ISA running in "integrated (firewall) mode" on the
server. This gives you the PIX as the first line of defense and ISA on the
external NIC as a second line of defense. Of course, there's a learning
curve with ISA and the complexity of administering your network is
marginally increased. But it all comes down to risk assessment.
--
Merv Porter [SBS MVP]
===================================
"SBSuser" <anonymous@discussions.microsoft.com> wrote in message
news:0b6301c4ef55$7d385940$a401280a@phx.gbl...
I have the following scenario:
T-1 Router - Cisco PIX firewall - Switch - Server and
Workstations
The PIX, server and WS's connect to the Switch.
The PIX connects EThernet 0 to Internet thru the router
and connects Ethernet 1(internal) to the Switch
My boss insists I need to implement two Nic's on the SBS
server. I think we do not need it.
What's your opinion?
.
Mike H
Guest
Posted: Sat Jan 01, 2005 12:29 am
Post subject: Re: Two Nics really needed?

On Fri, 31 Dec 2004 08:26:32 -0800, SBSuser wrote:
| Quote: | I have the following scenario:
T-1 Router - Cisco PIX firewall - Switch - Server and
Workstations
The PIX, server and WS's connect to the Switch.
The PIX connects EThernet 0 to Internet thru the router
and connects Ethernet 1(internal) to the Switch
My boss insists I need to implement two Nic's on the SBS
server. I think we do not need it.
What's your opinion?
|
Watching this thread with interest. That's very close to my situation.
You didn't mention ISA Server.
--
Mike H
Merv Porter [SBS-MVP]
Guest
Posted: Sat Jan 01, 2005 12:41 am
Post subject: Re: Two Nics really needed?

Seems like the T1 router and the PIX can remain unchanged. You'd just put
your external NIC on the SBS in the same subnet as the LAN side of the PIX.
Then the SBS server internal NIC and the workstation NICs plug into the
switch (which is no longer connected to the PIX). I know next to nothing
about Cisco PIX firewall devices, but have you looked at:
Two Nics, a static IP address, ISA, router
http://www.smallbizserver.net/Default.aspx?tabid=52
--
Merv Porter [SBS MVP]
===================================
"SBSuser" <anonymous@discussions.microsoft.com> wrote in message
news:0bb501c4ef63$8a028c00$a401280a@phx.gbl...
| Quote: | OK Merv, that sounds good. Considering my scenario and
adding the other NIC. How would you rearrange my layout
keeping the PIX in there? How would you connect the devices
(sequence)?What changes in configuration?
Thanks
-----Original Message-----
Security in layers... 2 NICs are a better insurance policy. If your PIX is
breached, your entire LAN is exposed. If you implemented SBS 2000 with 2
NICs, you could have ISA running in "integrated (firewall) mode" on the
server. This gives you the PIX as the first line of defense and ISA on the
external NIC as a second line of defense. Of course, there's a learning
curve with ISA and the complexity of administering your network is
marginally increased. But it all comes down to risk assessment.
--
Merv Porter [SBS MVP]
===================================
"SBSuser" <anonymous@discussions.microsoft.com> wrote in message
news:0b6301c4ef55$7d385940$a401280a@phx.gbl...
I have the following scenario:
T-1 Router - Cisco PIX firewall - Switch - Server and
Workstations
The PIX, server and WS's connect to the Switch.
The PIX connects EThernet 0 to Internet thru the router
and connects Ethernet 1(internal) to the Switch
My boss insists I need to implement two Nic's on the SBS
server. I think we do not need it.
What's your opinion?
.
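The rearranged layout described in the post above, written as an addressing-plan check. This is an added example, not part of the original thread: all addresses and host names are constructed, and the rule that workstations use the server's internal NIC as their gateway is an assumption that follows from the switch no longer being connected to the PIX.

```python
import ipaddress

def check_layout(pix_inside, sbs_external, sbs_internal, workstations):
    """Return findings for a PIX -> SBS (2 NICs) -> switch addressing plan.

    Interfaces are strings such as "192.168.1.1/24"; workstations maps a
    host name to (interface, default gateway).
    """
    pix = ipaddress.ip_interface(pix_inside)
    ext = ipaddress.ip_interface(sbs_external)
    inn = ipaddress.ip_interface(sbs_internal)
    findings = []
    # The server's external NIC shares the subnet on the LAN side of the PIX.
    if ext.network != pix.network:
        findings.append("SBS external NIC is not in the PIX inside subnet")
    if ext.ip == pix.ip:
        findings.append("SBS external NIC duplicates the PIX inside address")
    # The internal LAN must be a separate subnet, or the server is no boundary.
    if inn.network.overlaps(pix.network):
        findings.append("internal LAN overlaps the PIX inside subnet")
    for name, (addr, gateway) in sorted(workstations.items()):
        ws = ipaddress.ip_interface(addr)
        if ws.ip in pix.network:
            findings.append(f"{name} sits on the PIX segment and bypasses the server")
        elif ws.network != inn.network:
            findings.append(f"{name} is outside the internal LAN subnet")
        # Assumption: the only way out is through the server's internal NIC.
        if ipaddress.ip_address(gateway) != inn.ip:
            findings.append(f"{name} default gateway is not the SBS internal NIC")
    return findings

# Constructed plan for the two-NIC layout (second firewall layer on the server).
TWO_NIC = dict(
    pix_inside="192.168.1.1/24",
    sbs_external="192.168.1.2/24",
    sbs_internal="192.168.16.2/24",
    workstations={"ws1": ("192.168.16.10/24", "192.168.16.2")},
)
# Constructed plan for the original flat layout: everything behind the PIX only.
FLAT = dict(
    pix_inside="192.168.1.1/24",
    sbs_external="192.168.1.2/24",
    sbs_internal="192.168.1.3/24",
    workstations={"ws1": ("192.168.1.10/24", "192.168.1.1")},
)

if __name__ == "__main__":
    for label, plan in (("two-NIC", TWO_NIC), ("flat", FLAT)):
        print(label, check_layout(**plan) or "no findings")
```
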
David Elders
Guest
Posted: Sat Jan 01, 2005 11:20 pm
Post subject: Re: Two Nics really needed?

That's because you *need* to go down the 2 NICs route to use ISA in SBS2K.
Dunno if it's the same with SBS2K3 or not... as per Merv's response, I'd
recommend the 2 NIC approach. Another layer of security for the cost of a
2nd NIC in the form of an industry-strength firewall [ISA] is a no-brainer
from where I sit.
David
"Mike H" <mkREMOVEhuskeyALL@THIShotmail.invalid> wrote in message
news:OprLca27EHA.2180@TK2MSFTNGP12.phx.gbl...
| Quote: | On Fri, 31 Dec 2004 08:26:32 -0800, SBSuser wrote:
I have the following scenario:
T-1 Router - Cisco PIX firewall - Switch - Server and
Workstations
The PIX, server and WS's connect to the Switch.
The PIX connects EThernet 0 to Internet thru the router
and connects Ethernet 1(internal) to the Switch
My boss insists I need to implement two Nic's on the SBS
server. I think we do not need it.
What's your opinion?
Watching this thread with interest. That's very close to my situation.
You didn't mention ISA Server.
--
Mike H
Lanwench [MVP - Exchange]
Guest
Posted: Sun Jan 02, 2005 6:17 am
Post subject: Re: Two Nics really needed?

SBSuser wrote:
| Quote: | I have the following scenario:
T-1 Router - Cisco PIX firewall - Switch - Server and
Workstations
The PIX, server and WS's connect to the Switch.
The PIX connects EThernet 0 to Internet thru the router
and connects Ethernet 1(internal) to the Switch
My boss insists I need to implement two Nic's on the SBS
server. I think we do not need it.
What's your opinion?
|
Only if you need ISA. You do not *need* two NICs otherwise... it's really up
to you. I personally dislike multihomed domain controllers and tend to avoid
them, but that's just my bias.