2 Replies Latest reply on Mar 22, 2010 3:16 PM by jpm12345

    Networking Question

      For a variety of reasons we need to make a change in our network to introduce a second firewall.  The ISP drop currently plugs into a switch and our firewall plugs into that same switch.  I have a couple of networking questions:


      1. Right now we use 1-to-1 NAT on 16 public IP addresses that are entered in the firewall as aliases on the internet port.  The plan would be to split that so 8 addresses are on firewall#1 and 8 addresses are on firewall#2.  I think that since the ISP drop plugs into a switch and not the firewall directly, this should work having some addresses on each of the two firewalls.  Is that correct?


      2. Some of the machines will go out firewall#1 and some will go out firewall#2 based on the public IP addresses they map to.  I would like not to have to separate the whole network, since I don't want extra domain controllers, logging, and patch servers.  Can servers in the same subnet talk to each other even if they have different gateways defined?  For example, our internal network is 192.168.0.1-192.168.255.254; some of those servers would have firewall#1 (192.168.0.1) as their gateway and some would have firewall#2 (192.168.254.254) as their gateway.  But internally all the servers would plug into the same switches and need to talk to each other.  I _think_ that would work, since AFAIK the gateway is used only when routing to IP addresses _outside_ of the subnet.  Is that correct?
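The two questions above boil down to a routing decision and a bookkeeping check, and both can be walked through in code. The script below is an added example written for this page; it is not code from the original poster or from any firewall product. The 192.168.0.0/16 LAN and the two gateway addresses come from the post; the public block 203.0.113.0/28, the 8/8 split, the host addresses and the 1-to-1 NAT entries are constructed sample data. `next_hop` does the longest-prefix match a host performs over its two routes (the connected /16 and the default route), which is why two servers with different gateways still reach each other directly. `check_host` covers the point behind question 2: a server whose default gateway is one firewall but whose public 1-to-1 NAT alias lives on the other would send outbound traffic through one box while inbound traffic arrives at the other, so the gateway choice and the NAT split have to agree per host.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IPv4 = ipaddress.IPv4Address
IPv4Net = ipaddress.IPv4Network

# --- Constructed sample topology (assumption, not from the post) ---
# The inside network is the /16 from the post. The public block is a
# documentation range standing in for the 16 ISP-assigned addresses.
LAN = ipaddress.ip_network("192.168.0.0/16")   # 192.168.0.1 - 192.168.255.254
PUBLIC_BLOCK: List[IPv4] = list(ipaddress.ip_network("203.0.113.0/28"))  # 16 addresses


@dataclass(frozen=True)
class Firewall:
    name: str
    inside: IPv4                 # the address LAN hosts use as default gateway
    public: Tuple[IPv4, ...]     # 1-to-1 NAT aliases held on its internet port


# Split 8/8 as the post proposes; the inside addresses are the post's gateways.
FIREWALLS: Tuple[Firewall, ...] = (
    Firewall("fw1", IPv4("192.168.0.1"), tuple(PUBLIC_BLOCK[:8])),
    Firewall("fw2", IPv4("192.168.254.254"), tuple(PUBLIC_BLOCK[8:])),
)

# 1-to-1 NAT table, inside -> public. Entries are made up for the example.
NAT_1TO1: Dict[IPv4, IPv4] = {
    IPv4("192.168.10.20"): PUBLIC_BLOCK[2],    # 203.0.113.2, held by fw1
    IPv4("192.168.200.5"): PUBLIC_BLOCK[11],   # 203.0.113.11, held by fw2
    IPv4("192.168.50.7"): PUBLIC_BLOCK[5],     # 203.0.113.5, held by fw1
}


def firewall_holding(public_ip) -> Optional[str]:
    """Name of the firewall that carries this public address as an alias, if any."""
    public_ip = IPv4(public_ip)
    for fw in FIREWALLS:
        if public_ip in fw.public:
            return fw.name
    return None


def next_hop(host_ip, gateway, dst, lan: IPv4Net = LAN) -> str:
    """Longest-prefix match over the two routes every LAN host has:
    the connected subnet (on-link, resolved with ARP) and 0.0.0.0/0 via
    its configured gateway. Returns "on-link" or the gateway address."""
    host_ip, gateway, dst = IPv4(host_ip), IPv4(gateway), IPv4(dst)
    if host_ip not in lan or gateway not in lan:
        raise ValueError("host and its gateway must both sit inside the connected subnet")
    routes: List[Tuple[IPv4Net, Optional[IPv4]]] = [
        (lan, None),                               # connected route, no next hop
        (ipaddress.ip_network("0.0.0.0/0"), gateway),  # default route
    ]
    matches = [(net, via) for net, via in routes if dst in net]
    net, via = max(matches, key=lambda r: r[0].prefixlen)
    return "on-link" if via is None else str(via)


def check_host(inside_ip, gateway) -> Tuple[Optional[str], Optional[str], bool]:
    """Return (firewall selected by the default gateway, firewall holding the
    host's public NAT alias, whether they agree). A mismatch means outbound
    packets leave through one firewall while inbound NAT arrives at the other."""
    inside_ip, gateway = IPv4(inside_ip), IPv4(gateway)
    by_gateway = next((fw.name for fw in FIREWALLS if fw.inside == gateway), None)
    public = NAT_1TO1.get(inside_ip)
    by_nat = firewall_holding(public) if public is not None else None
    return by_gateway, by_nat, (by_gateway is not None and by_gateway == by_nat)


if __name__ == "__main__":
    # Server behind fw1 talking to a server behind fw2: never touches a gateway.
    print(next_hop("192.168.10.20", "192.168.0.1", "192.168.200.5"))
    # Same server talking to the Internet: default route via fw1.
    print(next_hop("192.168.10.20", "192.168.0.1", "198.51.100.10"))
    for host, gw in [("192.168.10.20", "192.168.0.1"),
                     ("192.168.200.5", "192.168.0.1"),
                     ("192.168.200.5", "192.168.254.254")]:
        print(host, gw, check_host(host, gw))
```

The `ValueError` in `next_hop` is the one sanity check worth keeping when the plan is rolled out: both gateway addresses must fall inside the /16 that the servers are on, otherwise the hosts cannot ARP for them and the default route is useless.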