Custom network adapter configurations – HP ProLiant DL320 G4 Server User Manual
Page 13
Initial setup considerations 13
NOTE: Any network services and client applications installed on the firewall can potentially increase the
security risk.
If you are familiar with the installation and configuration of DNS servers or if a DNS server already exists
on the LAN, the best option is to configure that DNS server to resolve Internet host names and then create
an access rule on the firewall enabling that DNS server to use the DNS protocol to connect to the Internet.
If you are not familiar with DNS server installation and configuration, or if you choose not to install and
configure a DNS server, use the ISP DNS server. The main limitation of this option is that the ISP DNS
server cannot resolve names of computers on the LAN.
1.
Determine if a DNS server already exists on the LAN.
2.
If a DNS server exists on the LAN, configure that DNS server to resolve Internet host names, and
then create a firewall rule allowing this DNS server access to the DNS protocol to all sites on the
Internet.
3.
If a DNS server does not exist on the LAN, install a DNS server on the ProLiant DL320 Security
Server. For details on DNS setup and configuration, see the Microsoft
®
Windows Server™ 2003 or
Microsoft
®
Windows
®
2000 Help and Support Center.
4.
If a DNS server does exist on the LAN and you do not want to install a DNS server on the server,
configure the internal interface to use the IP address of your ISP DNS server. Consult the ISP to
determine the correct IP address of their DNS server.
Custom network adapter configurations
The ProLiant DL320 Security Server might be equipped with additional network interfaces. In addition to
the internal and external interfaces, there might be additional LAN, partner access, perimeter network
(also known as a DMZ), and screened subnet interfaces.
Additional network interfaces can provide the following benefits:
•
Additional LAN interfaces can connect several internal networks to the firewall. The ProLiant DL320
Security Server can control what network traffic moves among the LANs and between the LANs and
the Internet.
•
Perimeter network interfaces can be used to connect perimeter networks hosting publicly accessible
servers and services. For example, you might want to host your own e-mail or web servers on the
perimeter network.
•
Partner networks enable business partners to connect to resources on a network segment outside of
the LAN and perimeter networks. These networks are not public networks because only the partners
can connect to them. Partner networks are sometimes referred to as extranets.
IP addresses assigned to additional LAN, perimeter network, and extranet interfaces are specific to the
requirements of your unique network configuration. The only requirement from the standpoint of the
ProLiant DL320 Security Server is that each of these interfaces is configured with IP addresses on different
network IDs. The setup wizard enables the configuration of up to three interfaces. Additional interfaces
must be configured after setup is completed.
1.
Before installing the ProLiant DL320 Security Server, determine and record what IP addresses and
subnet masks should be configured on the additional perimeter network or extranet interfaces.
2.
If you are configuring a perimeter network, additional LAN networks, or an extranet but do not know
what IP addresses to assign the ProLiant DL320 Security Server interfaces, consult with a network
professional that can help you determine the correct configuration.