Firewall Wizards mailing list archives
RE: Putting MS servers behind firewalls
From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 8 Jun 2004 10:53:56 -0400 (EDT)
On Tue, 8 Jun 2004, Mark Gumennik wrote:
Keep in mind that this router (or a fw in your case) becomes a backbone (bottleneck) of your LAN
Not much of one in most cases, so long as the rules are organized well- large corporations route through to the backbone anyway, and filter rules don't have a noticable effect unless they're very poorly done (even rules to block the camper's access to the Quake server temporarily on a core 7513 routing ~12 floors of people, or so I've been told...) Heck, my home firewall will pass 2Gb/s of traffic, and it's sitting on a 10/100 LAN- bottlenecking is not that much of a problem these days. You should worry if you get a great deal of latency added, but other than in GigE environments, and places that have serious broadcast issues anyway, I haven't seen a real firewall or router bottleneck in about 6 years that couldn't be dealt with by having some good rule ordering.
Best of all just put Exchange bridgehead behind a fw (DMZ), open port 25 to it and put all AD servers on a regular LAN
You can put the IMCs on different servers- but probably the original poster is trying to protect infrastructure from compromised internal hosts- which is a more difficult nut to crack. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Putting MS servers behind firewalls Dilan Walgampaya (Jun 07)
- Re: Putting MS servers behind firewalls Luca Berra (Jun 08)
- Re: Putting MS servers behind firewalls Paul D. Robertson (Jun 08)
- Re: Putting MS servers behind firewalls Devdas Bhagat (Jun 08)
- Re: Putting MS servers behind firewalls Tichomir Kotek (Jun 09)
- Re: Putting MS servers behind firewalls Devdas Bhagat (Jun 08)
- Re: Putting MS servers behind firewalls Dave Piscitello (Jun 08)
- RE: Putting MS servers behind firewalls Mark Gumennik (Jun 08)
- RE: Putting MS servers behind firewalls Paul D. Robertson (Jun 08)
- Re: Putting MS servers behind firewalls Dan Harp (Jun 08)
- Message not available
- Re: Putting MS servers behind firewalls Victor Williams (Jun 08)
- <Possible follow-ups>
- RE: Putting MS servers behind firewalls Michael H (Jun 07)
- More infor - Re: Putting MS servers behind firewalls Dilan Walgampaya (Jun 08)
- Re: Putting MS servers behind firewalls firewalladmin (Jun 07)
- RE: Putting MS servers behind firewalls Melson, Paul (Jun 08)
- RE: Putting MS servers behind firewalls Kelly, Chris W. (Jun 08)
- Re: Putting MS servers behind firewalls Johann_van_Duyn (Jun 09)