Hi,
I currently have a Watchguard Firebox X 1000 configured as our main firewall/gateway router.
We have one DMZ, Trusted and External network defined.
What we want to do is put in an ISA Server 2006 in order to do Outlook Web Access over HTTPS properly, but I've heard that you can't do application publishing when it's configured in a proxy type mode (1 NIC versus 2+).
Leaving the Watchguard networks the way they are, what is the best way to integrate these two firewalls in a configuration that will do what we want?
My one proposed solution would be to do a dual gateway firewall config.
What I mean is that we essentially have two gateway firewalls, one configured for one public (static) address and the other configured with another. The connection has a switch in front to split the incoming internet connection.
Configure the ISA Server to connect to the Watchguard's DMZ (on the inside) using a switch, which means effectively we bypass the Watchguard external portion of the firewall for any Outlook Web Access traffic sent from the ISA Server firewall. We then use RADIUS to authenticate through the Watchguard's DMZ (Optional) port to the Trusted domain, allowing only DNS and RADIUS (and encrypted web traffic between the trusted Exchange server and the ISA Server).
Will this work, or will there be routing / security issues with having essentially two gateway firewalls?