Firewall / Reverse Proxy Config Questions.

I am putting together a proxy/firewall config ... and I want to pass this by the pros to make sure I have this correct (this is my first shot at something like this) ... and for suggestions/answers.

1: Proxy: Windows 2003 Web Edition running Apache 2.0 will act as a reverse proxy with 2 IPs (NIC1 with 2 IPs assigned via IP aliasing) in front of the FW.

2: Checkpoint Firewall.

3: 2 Windows 2003 Web Edition HTTP servers behind the FW.

Two domains with SSL Certs will be hosted on the proxy in the DMZ:

NIC1 is connected to the ISP

(PUBLIC IP1:443 on Proxy NIC1)

(PUBLIC IP2:443 on Proxy NIC1)

NIC2 is connected to the FireWall DMZ NIC

So:

PUBLIC IP1:443 on Proxy --> FireWall Port 5000 --> INTERNAL IP1:80

PUBLIC IP2:443 on Proxy --> FireWall Port 5001 --> INTERNAL IP2:80

Site "One": Proxy will fwd requests from "one:443" to "Firewall IP Port 5000". Firewall will fwd requests from "Firewall IP Port 5000" to "Internal IP1:80".

Site "Two": Proxy will fwd requests from "two:443" to "Firewall IP Port 5001". Firewall will fwd requests from "Firewall IP Port 5001" to "Internal IP2:80".

Three Questions:

1: Does this look correct? Any errors? Am I close?

2: Do I need to setup some sort of routing on the Proxy to route traffic from NIC1 to NIC2?

3: I am not sure how the IPs should be config'd between the proxy and the FW:

Proxy NIC 1 is easy since that is obviously the ISP IP config, and the internal net I can make whatever I need it to be. So what would the IP/Gateway/Netmask config be for Proxy NIC2 and the FW DMZ NIC?

Thanks.

Serpico
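
The mapping described in the post, sketched as an Apache reverse-proxy configuration (an added example, not part of the original post). The addresses 192.0.2.10, 192.0.2.11 and 10.0.0.1, the hostnames and the certificate paths are placeholder assumptions.

```apache
# Added illustration, not from the original post. Placeholders (assumptions):
#   192.0.2.10 / 192.0.2.11 = PUBLIC IP1 / PUBLIC IP2 aliased on proxy NIC1
#   10.0.0.1                = firewall DMZ NIC address, reached via proxy NIC2
#   one.example / two.example and the conf/ssl/* paths are hypothetical
# Requires mod_ssl, mod_proxy and mod_proxy_http to be loaded.

# Bind TLS only to the two public addresses, not to NIC2.
Listen 192.0.2.10:443
Listen 192.0.2.11:443

# Reverse proxy only: do not serve as a forward proxy for arbitrary clients.
ProxyRequests Off

# IP-based virtual hosts: each certificate is tied to its own public IP.

# Site "One": PUBLIC IP1:443 -> firewall port 5000 -> INTERNAL IP1:80
<VirtualHost 192.0.2.10:443>
    ServerName one.example
    SSLEngine on
    SSLCertificateFile    conf/ssl/one.crt
    SSLCertificateKeyFile conf/ssl/one.key

    ProxyPass        / http://10.0.0.1:5000/
    ProxyPassReverse / http://10.0.0.1:5000/
</VirtualHost>

# Site "Two": PUBLIC IP2:443 -> firewall port 5001 -> INTERNAL IP2:80
<VirtualHost 192.0.2.11:443>
    ServerName two.example
    SSLEngine on
    SSLCertificateFile    conf/ssl/two.crt
    SSLCertificateKeyFile conf/ssl/two.key

    ProxyPass        / http://10.0.0.1:5001/
    ProxyPassReverse / http://10.0.0.1:5001/
</VirtualHost>
```

With this layout Apache terminates the client's TLS connection and opens a separate plain-HTTP connection toward the firewall, so the proxy host forwards no packets between NIC1 and NIC2. The firewall rules for ports 5000 and 5001 can then be limited to the proxy's NIC2 address as the only permitted source.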