Firewall Wizards mailing list archives
Re: Gauntlet v3.0 (NT) questions
From: Steve George <steve () po i-way co uk>
Date: Wed, 27 Jan 1999 11:46:27 GMT
Hi Jim,

Umm you are probably sending these questions to the wrong forum, you'd be better served by sending Gauntlet specific questions to gauntlet-users.

1) I think you can do DNS in the way you are suggesting, though I would be tempted to leave any external hosts as being advertised by your ISP, saves your bandwidth and makes things easier.

2) You don't want *any* sort of logical grouping across the FW, no Domain, no WINS, no shares etc. Gauntlet cannot proxy SMB so they should use FTP and logins which have been specified on the DMZ machines. Perhaps you should consider putting these machines on a third interface, called a 'service network' in the Gauntlet literature: this allows you to protect them more fully. Any trust relationships which extend beyond the FW weaken your security.

Best wishes,
Steve

---Reply to mail from Lisa Joan Haswell Hebert about Gauntlet v3.0 (NT) questions
Hi,

I have a couple of questions regarding V3.0 of Gauntlet firewall on an NT platform.

1.) There is an internal DNS server that is the primary and currently the ISP supports a secondary DNS server. When we install the firewall the internal primary DNS server will remain. The plan is to do a split DNS by having the firewall become the primary DNS for the hosts that need to be advertised to the external networks. I believe that I need to have the firewall point to the internal DNS server and that the internal DNS server uses the forward command to the firewall's external IP interface. Is there anything else that I need to do to allow DNS through the firewall?

2.) There will be a DMZ that will have various web servers and ftp servers located on it. What do I need to do on the firewall to allow internal users access to these servers? I.e., do I need to put the firewall in the same NT domain? Do I want to put the firewall in the same NT domain or should I do something different? Should those servers be able to access/announce themselves to the WINS server located on the internal network? Does this require that I turn off the computer browser on the firewall?

Thanks in advance.
Jim
---End reply
Current thread:
- Gauntlet v3.0 (NT) questions Lisa Joan Haswell Hebert (Jan 26)
- Re: Gauntlet v3.0 (NT) questions Steve George (Jan 27)