RE: Three Tier Security guideline.

From: mohammed omer (ahassan32@hotmail.com)
Date: Wed Mar 04 2009 - 11:23:46 ARST


Dear jokey,

You have to do NATting on the ASA only, at the edge; just open ports for your service in the Fortigate and FWSM.

Regards

> Date: Wed, 4 Mar 2009 09:50:22 +0300
> Subject: Three Tier Security guideline.
> From: jockeywearer@gmail.com
> To: ccielab@groupstudy.com; security@groupstudy.com
>
> Dear All,
>
> Our Team has designed a "Three tier security" design which consists of
> ASA, Fortigate Appliance, Cisco 6500 FWSM devices
>
> Internet Router----ASA----Fortigate FW----- cisco 6500 FWSM------All
> Servers(Email Server-10.1.1.1)
>
> !
>
> !DMZ
>
> !
>
> External email
> server(172.16.1.1)
>
>
>
> I have planned to do natting on ASA for External servers connected to
> fortigate.
>
> I am in confusion that should I need to do NATTing on ASA and again on
> Fortigate FW to hit to External Email server
>
> e.g. NATting and allow needed services
>
> On ASA 212.X.X.X ------> 192.168.1.1
>
> On Fortigate FW 192.168.1.1 ------> 172.16.1.1 ( External Email
> Server)
>
> on FWSM again I have to do NAT for Email Server
> (10.1.1.1)
>
> I am a little bit in confusion.
>
> Can anybody guide me or suggest to me what is the best way to configure to avoid
> complex configuration?
>
> I have to just complete essential setup and after that we can do improvement
> for network .
>
> Is Fortigate or ASA the right place where I can keep my External server in
> DMZ?
>
> What is the best and simple way?
>
> Any update or guideline is highly appreciated.
>
> Thanks
>
> Prashant
>



This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:04 ART