05-29-2009 02:35 AM - edited 02-21-2020 03:29 AM
Hello,
Could I have some help in placing CAS and CAM servers in my existing topology :).
Indeed, I want to verify the conformity of remote users (connected via VPN) to my inside servers by NAC, but I have some difficulty in placing them.
Is it possible to configure the CAS in VGW mode?
Please view the topology in the attachment.
Regards.
05-29-2009 06:41 AM
Is there a network (with servers or PCs) that sits between the front and back firewalls? I don't often see designs like this with back-to-back firewalls.
What type of VPN/FW device sits closest to your ISP router?
You will have to configure the CAS in an in-band mode, either L3 or VGW.
05-29-2009 07:18 AM
1/ The FW that is closest to the ISP router is an ASA5550. The back FW is a Fortinet.
The front FW is used as a VPN server, and there are 2 DMZs: one for the AAA server, AD and CA server, and the other for web servers.
The back firewall is used to protect mission critical servers, and other networks connected to it.
2/ The network that I want to protect using NAC is a set of servers that will be accessed by VPN users.
Where should I place the CAM and CAS servers?
Regards.
05-31-2009 05:43 PM
Hello Ismail,
The Auth DMZ looks like a suitable zone to place NAM.
A couple of questions: I'm no pro in Fortinet, can you do source routing with it? Is the inside switch an L3 switch?
Regards
05-31-2009 11:51 PM
The inside switch is a Catalyst 3560; it supports L3.
So for the CAS, where can I place it? Can I configure it as a virtual gateway?
Regards