I've just been tasked with getting a solution together for securing our internal connectivity. Basically I have an internet link and what I need to do is install two firewalls there from different vendors, so one will be an asa and the other will be another company let's say for argument sake it's checkpoint. I have a few questions surrounding this.
1. Will one firewall sit in front of another. i.e. the asa is on the inner side and will have a default route to the checkpoint firewall, or am I wrong?
2. Will I have to have different external switches connected to each respective firewall? is this more secure?
3. Will both firewalls have to have external ip's?
4. Where will I be natting in order for internal/dmz traffic to go out to the internet, the asa or the checkpoint?
5. Where should I be terminating VPN's from the asa or the checkpoint?
5. How have other people done this kind of work?
Thanks in advance for any help