0

OK, I am not sure if I asked the question correctly, so have mercy. My network is growing at work and I am finding it hard to manage my firewall rules. The problem I am having is twofold:

  1. I have 4 servers at work, and with progress more services are being added. In the past I have managed to route traffic OK since either (a) two services requiring the same port were on the same server and I could let IIS work it out, or (b) if they were on different machines they used different ports, i.e. HTTP, HTTPS, FTP, etc.
  2. The users are stubborn and refuse to have to remember non-standard port numbers to get to internal servers from the outside. (One idea I had was, if I had two services needing the same protocol (HTTP), I would change the port on one to be able to route that traffic to the correct server.)

I will admit, this is a smaller company and I am the only admin here, and while I feel that I am competent, all of my previous experience was with large companies and I basically did one task all day long. Now that I do everything I am realizing how detrimental that was to my knowledge level. So if there is something stupid simple that I have overlooked, I apologise for wasting your time. Either way, thanks for looking and for any help you may offer.

One note though: the environment is all Windows, so Linux can't be a solution, and I have been told to figure it out and not spend money; if I could, I have already found other firewalls that claim to do what I need. But I am sure that either the SonicWall or somehow using the onsite DNS server to route requests to internal IPs. (FYI, I was an AD admin for 5 years before this job and my weakest skill-sets are DNS and firewall routing.)

Thanks again for any and all help.

Nixphoe
BrandonS
  • Would asking your internet provider for another IP address be out of the question? I understand that would cost money, but that's the only solution I can think of with your setup. – Nixphoe Jul 08 '11 at 03:40

2 Answers

1

If these are services that are accessed by external users over a WAN connection, then the best/cheapest solution in your case is to get additional WAN IP addresses from your ISP. Any other way I can think of would require some additional hardware/software (doing load-balancer-ish functions). The TZ190 can't do this (not even sure if any of the SonicWall network security appliances can do this).

Your ISP will likely charge you an extra $x per month per IP or for a block of IPs. To give you an idea, Cox and Comcast charge $5ish per month per extra IP on a business cable connection. Then you can configure the IPs on your SW appliance and forward the ports as needed.

> ...and I have been told to figure it out and not spend money...

If these services are critical to the business, hopefully they'll be OK spending a little more a month on extra IPs.

user78940
  • I really didn't think about that; kind of feel dumb now, something so simple. Set it up this morning and working like a charm; seems we got 5 IPs with the Comcast business package we have. – BrandonS Jul 08 '11 at 13:50
0

OK, since you are already utilizing non-standard ports, it "sounds" like getting additional IPs may not be an option at the top of the list.

Here's an approach which may work right into what you already have in place:

Set up multiple virtual hosts or subdirectories on your main port 80 web server with redirects as their default pages. Example:

  • site2.yourdomain.com redirects to server2.yourdomain.com:8080
  • www.yourdomain.com/site3 redirects to server3.yourdomain.com:81
user48838
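The redirect approach in the answer above, written out as a small stand-alone redirector (added here as an illustration; it is not code from the original answer and not an IIS configuration). It runs on the one public port-80 web server and maps both kinds of rule the answer lists: a host-based virtual host (site2.yourdomain.com) and a subdirectory on the main site (/site3). The host names, ports and paths are the answer's placeholders; the rest of the request path and query string is preserved so deep links keep working, a request whose path is not a plain absolute path (e.g. a proxy-style full URL) is refused rather than redirected, and anything with no matching rule gets a 404 instead of being forwarded somewhere by default.

```python
"""Single-IP, port-80 HTTP redirector that sends clients on to back-end
servers listening on non-standard ports.

Added example (not the original answer's code). The host names, ports and
paths below are the answer's placeholders, not real targets.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer

# Host-header based virtual hosts: public site name -> back-end base URL.
HOST_MAP = {
    "site2.yourdomain.com": "http://server2.yourdomain.com:8080",
}

# Subdirectory based routing on the main site: path prefix -> back-end base URL.
PATH_MAP = {
    "/site3": "http://server3.yourdomain.com:81",
}


def resolve_redirect(host, path):
    """Return the Location URL for a request, or None when no rule matches.

    Only plain absolute paths ("/...") are accepted; a proxy-style request
    line such as "http://other.example/" never matches a rule.  The remainder
    of the path (including any query string) is appended to the fixed
    back-end base URL, so the client can only ever be sent to a configured
    server, never to a host of its own choosing.
    """
    if not path.startswith("/"):
        return None
    # Drop any ":port" the client put in the Host header and compare
    # case-insensitively, as host names are.
    hostname = host.split(":", 1)[0].lower()
    if hostname in HOST_MAP:
        return HOST_MAP[hostname] + path
    for prefix, target in PATH_MAP.items():
        if path == prefix or path.startswith(prefix + "/"):
            rest = path[len(prefix):] or "/"
            return target + rest
    return None


class RedirectHandler(BaseHTTPRequestHandler):
    """Answers every GET/HEAD with a 302 to the mapped back-end, or a 404."""

    def do_GET(self):
        location = resolve_redirect(self.headers.get("Host", ""), self.path)
        if location is None:
            self.send_error(404, "No redirect rule for this host/path")
            return
        # 302 rather than 301: if a back-end port changes later, browsers
        # will not have cached the old target permanently.
        self.send_response(302)
        self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_HEAD = do_GET


if __name__ == "__main__":
    # Listens on port 80; on Windows this needs an elevated prompt and the
    # port must not already be bound by IIS.
    HTTPServer(("0.0.0.0", 80), RedirectHandler).serve_forever()
```

On an IIS-only server the same mapping is normally expressed as redirect rules in the site configuration rather than a separate process; the point the function makes is the same either way: the redirect target must be a fixed, configured back-end with only the client's path appended, so the "default page" redirect cannot be turned into an open redirect to an arbitrary host, and the back-end ports stay reachable on the firewall only for the traffic the redirect sends there.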