How many servers can be set up on DMZ? I have failover set up between 2 515s, each has 3 interfaces. In order to have failover to work with DMZ, should I need another switch to connect the DMZ ports of the 2 Pixes and rest of the servers ?? I'm planning to have 2 webservers and 1 mail server on DMZ. Or should I get a 4 port network card and install each server on each port?? Which way do you think is better ???
It pays in these situations to have a look at the intended traffic-flow between the devices on your DMZ. We have several DMZ's where a large number of servers act independently from each other (and do not need to communicate directly) For security reasons we want to ensure that they cant, so we implement private vlans on the DMZ switch so that the variuous switch ports can only communicate to the firewall(s) at layer 2. Because the firewall won't do redirects or same-interface routing, that means the DMZ hosts can't communicate with each other.
Thats the cheaper way of doing large DMZ's, however, for govt clients this doesn't offer an accredited level of separation between hosts, so where accredited separation is required, more firewall interfaces it is.
$ You can do it with one switch/hub. Plug both the PIX and FO PIX into it, your 2 webservers and your mail server.
$$ Get two switches with a cross-overcable between them, make sure thay support spanning tree !!!(STP) put dual port ethernet cards in all three servers and connect one port to each switch. make sure your OS and NIC's support this!!!!
$$$$$$$$$$$$$$$$ Have some one else host this for you!!!!
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :