I need assistance configuring our LAN to allow users to access a web server on another LAN in our building.
Users on the "SC" corporate LAN need to access a web server ("Media Server") that is on another company's LAN ("MA" company), which is located in the same building. This web server is not publicly accessible, so the idea is to use a port on SC's external Sonicwall firewall to create an "internal" DMZ. This would enable SC users to access the MA web server, but still allow for anti-virus/intrusion protection between the two LANs.
SC runs Microsoft Essential Business Server 2008 (EBS), which is a 3 server integrated solution that includes the latest version of the ISA firewall, Threat Management Gateway 2010 (TMG). Because you cannot choose to implement EBS without TMG, the organization has two firewalls. Outgoing traffic from the LAN first passes through the TMG firewall, then to the Sonicwall firewall. In EBS terminology, this is called the "Advanced Firewall Configuration".
In the "Advanced Firewall Configuration", you can reduce the firewall functionality of TMG since the perimeter firewall is doing most of the work. There is a slider tool whereby you set the security level of the TMG firewall; we have it set to "Medium-Low". At this setting, Intrusion Detection, Flood mitigation, & DNS attack detection are turned off, but NAT is turned on. Also, there is a rule in TMG: "Allow all traffic rule" which opens Internet access to all applications and all users, bypassing any restrictions in the Web access rules. For more info on the security level setting see: [login to view URL](WS.10).aspx
The Sonicwall is set to forward all traffic that makes it through to the TMG server's external NIC card, which then decides what to do with it.
We have established a physical connection to the MA LAN, plugging it into the Sonicwall's X2 port. Now we need to determine how to configure the X2 port, TMG server and perhaps static routes in order for our users to get to the Media Server.
Our LAN ("SC") network address is:
10.10.22.x/24
Gateway: [login to view URL]
The "MA" LAN network addressing is:
10.1.31.x/24
Gateway: [login to view URL]
MA has given us an IP address on their subnet, [login to view URL], which presumably would be the interface IP on our DMZ interface.
Have worked on Sonicwall before. Need $150 to complete CCSP series of Cisco Exam.
Not doing any full-time work currently, hence, can dedicate 24 hours non-stop.
Please contact at mayankdotthakarattherategmaildotcom ASAP.
Thanks & Regards
Maxx