Hello,
I have an external firewall on the edge of the network - the NAT for the DirectAccess server is done here.
Then another internal firewall with the DMZ servers where the DirectAccess server sits.
On the DMZ Hyper-V I have two NICs on the server. One for DMZ and the other for corporate network. In theory I know I shouldn't have a cable running direct to the DMZ as this is bridging a firewall.
I usually pass the traffic back via the internal firewall gateway and over to the corporate network (with policy rules), but after a few issues with DirectAccess I have pointed it straight at the corporate network using the internal NIC as the gateway (using static routes). DirectAccess works OK but I have a few questions.
1) Should I break the connection for the internal NIC and try to get DirectAccess to go via the internal firewall?
2) Is the above a security issue?
3) DirectAccess seems bandwidth hungry as it is always talking to DNS (domain controllers) - WHY IS THIS? You'd think once you are authenticated by the domain controller it wouldn't need any more contact with it.
Thanks in advance
Kevin