technical1
Technical User
Hi all,
I have a question regarding the config of a PIX firewall.
At present our PIX operates simply with an internal/external interface.
Internal machines have two network cards.
One card points to 192.168.245.0 network, which is then mapped to a public IP address using the PIX.
Second card points to 192.168.246.0 network with mask 255.255.0.0 routing.
These machines are mainly webservers that receive requests on card one, and access the dynamic content via card two from a database.
The problem is if someone compromises card one (via port 80, web server) then they have free access to both networks.
I was wondering if I were to have two internal interfaces on the PIX, then both networks would be behind separate interfaces.
But would performance deteriorate because the machine is now only using one card for external web requests and for retrieving dynamic content from the webserver via the PIX?
Would the solution be to use IP routing and have both network cards on the same network behind the same interface?
I hope it isn't too confusing.
Basically web servers behind one interface and database servers behind another. But utilising both network cards of the web servers!