[fw1-gurus] Win2K cluster behind FW in same domain as servers before FW

[<Admin@xxxxxxxxxx>]

Morning all,

I have been asked to allow a M$ cluster to operate in a secured area
(not DMZ) which is behind our Internal FW as a part of the regular
domain which is before the FW.

Our FW's are Nokia IP530's running IPSO3.7b32 and CPR55.

A very simple schematic of this would be:

M$ Cluster running SQL (A)
   |
   |
Nokia IP530----Internal network containing DC's (B)
   |
   |
Other not important network (C)

The issue being requested is to have A communicate with B as though it
was in the same area as B. There will be no data flow between A and C.

I have tried to find info regarding setting this up, as far as ports,
rules etc, but have not found a damned thing.

Anyone have any pointers/solutions for such a scenario ?

Things to consider are that A cannot work with a VPN, and cannot be
considered a DMZ. It will have a separate IP range (obviously) then
everything in B. So, it will need to see the DC's in B, be able to
connect to allow logon on the servers, and must be able to do SQL data
transfers from A to B (this part is simple and will work, so I don't
need help on this, just the rest).

Any ideas ?

Mike Glassman
Head of System Security
Computer & Information Systems
Israeli Airports Authority
Ben-Gurion Airport
http://www.ben-gurion-airport.co.il

Tel : 972-3-9710785
Fax : 972-3-9710939
Email : admin@xxxxxxxxxx

Usage of this email address or any email address at iaa.gov.il for the
purpose of sales pitches, SPAM or any other such unwanted garbage, is
illegal, and any person, whether corporate or alone doing so, will be
prosecuted to the fullest possible extent.

 


---------------------------------------------------------------------
FireWall-1 Gurus Mailing List (http://www.phoneboy.com/gurus)
To unsubscribe, mailto:fw1-gurus-unsubscribe@xxxxxxxxxxxxxxxxxx
For additional commands, mailto:fw1-gurus-help@xxxxxxxxxxxxxxxxxx