Appendix A. Firewall and network configuration
Configure the firewall network interfaces
Prior to installing the IBM SecureWay Firewall V4.2 for Windows NT, we
configured the firewall network interfaces.
To configure the non-secure, Internet network interface on our first firewall
(fw1), we performed the following steps:
1. Open the Windows NT Network properties by right-clicking the Network icon on the desktop and selecting Properties.
2. From the Protocols tab, select the TCP/IP protocol and click Properties....
3. Configure both the secure and non-secure adapter IP addresses:
   fw1 non-secure IP address: 10.0.0.1
   fw1 non-secure subnet mask: 255.255.255.0
   fw1 secure IP address: 10.100.0.1
   fw1 secure subnet mask: 255.255.255.0
4. In the Microsoft TCP/IP Properties window, select the non-secure adapter and specify the IP address, subnet mask, and default gateway for your network interface. Click Advanced....
5. We added the IP address aliases listed in Table A-1 to the fw1 non-secure
adapter.
Table A-1 fw1 non-secure network interface alias configuration
IP address    Subnet           Description
10.0.0.1      255.255.255.0    fw1 non-secure interface
10.0.0.2      255.255.255.0    One-to-one NAT for incoming Web site address. Maps to the Network Dispatcher cluster seen by client.
10.0.0.100    255.255.255.0    Many-to-one NAT alias for outgoing
Note: The WebSphere Commerce tools require the Microsoft Internet Explorer V5.5. Internet Explorer only runs on Windows, which means that a Windows system must be able to access the Web servers in the DMZ.
To configure the secure DMZ network interface on our second firewall (fw2), we performed the following steps:
1. Open the Windows NT Network properties by right-clicking the Network icon on the desktop and selecting Properties.
2. From the Protocols tab, select the TCP/IP protocol and click Properties....
WebSphere Commerce V5.4 Handbook, Architecture and Integration Guide
3. Configure both the secure and non-secure adapter IP addresses:
   fw2 non-secure IP address: 10.100.0.2
   fw2 non-secure subnet mask: 255.255.255.0
   fw2 secure IP address: 9.24.105.51
   fw2 secure subnet mask: 255.255.255.0
4. In the Microsoft TCP/IP Properties window, select the required adapter and
specify the IP address and subnet mask. We left the Default Gateway field
blank, since the first firewall will act as the default gateway for our DMZ.
5. We added the IP address aliases listed in Table A-2:
Table A-2 fw2 non-secure network interface alias configuration
IP address      Subnet           Description
10.100.0.2      255.255.255.0    fw2 non-secure interface
10.100.0.3      255.255.255.0    Many-to-one NAT alias for outgoing
10.100.0.77     255.255.255.0    Commerce Application server (comaix1) alias
10.100.0.120    255.255.255.0    Commerce Application server (comaix2) alias
Host IP addresses and default gateways
Table A-3 contains a list of IP addresses assigned to the various hosts in our test environment and the default gateway for the host.
Table A-3 DMZ server addresses
Host      Host IP address           Internet        DMZ               Intranet
                                    gw: 10.0.0.1    gw: 10.100.0.1    gw: 9.24.104.1
client1   10.0.0.21
fw1       10.0.0.1 (non-secure)     10.0.0.1        10.100.0.1
          10.100.0.1 (secure)       10.0.0.100
nd1       10.100.0.10 (admin)       10.0.0.2        10.100.0.100
          10.100.0.100 (cluster)
webaix1   10.100.0.200                              10.100.0.200
webaix2   10.100.0.201                              10.100.0.201
fw2       10.100.0.2 (non-secure)                   10.100.0.2        9.24.105.51
          9.24.105.51 (secure)                      10.100.0.3
comaix1   9.24.105.77                               10.100.0.77       9.24.105.77
comaix2   9.24.105.120                              10.100.0.120      9.24.105.120
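The following Python sketch is an added example, not part of the original handbook: it cross-checks Table A-3 against the alias lists in Tables A-1 and A-2, confirming that every NAT alias lies in the subnet of the non-secure adapter that carries it, does not collide with a real host address, and is bound on exactly one firewall. Reading the zone columns of Table A-3 as the address at which each host is reached from that zone is an assumption, as are the /24 zone networks derived from the adapter masks and all function and variable names.

```python
import ipaddress

# Transcribed from Tables A-1 to A-3 on this page; /24 assumed from the adapter masks.
ZONES = {"Internet": "10.0.0.0/24", "DMZ": "10.100.0.0/24",
         "Intranet": "9.24.105.0/24"}
# Firewall -> (zone of its non-secure adapter, addresses bound to that adapter)
FIREWALLS = {
    "fw1": ("Internet", {"10.0.0.1", "10.0.0.2", "10.0.0.100"}),
    "fw2": ("DMZ", {"10.100.0.2", "10.100.0.3", "10.100.0.77", "10.100.0.120"}),
}
# Host -> (addresses on its own adapters, addresses it is reached at per zone)
HOSTS = {
    "nd1": ({"10.100.0.10", "10.100.0.100"}, {"10.0.0.2", "10.100.0.100"}),
    "webaix1": ({"10.100.0.200"}, {"10.100.0.200"}),
    "webaix2": ({"10.100.0.201"}, {"10.100.0.201"}),
    "comaix1": ({"9.24.105.77"}, {"10.100.0.77", "9.24.105.77"}),
    "comaix2": ({"9.24.105.120"}, {"10.100.0.120", "9.24.105.120"}),
}

def zone_of(addr):
    """Return the zone whose network contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in ipaddress.ip_network(net):
            return name
    return None

def audit(firewalls=FIREWALLS, hosts=HOSTS):
    """Map each NAT alias to the firewall that answers for it; list problems."""
    owned = {a for own, _ in hosts.values() for a in own}
    mapping, problems = {}, []
    for fw, (zone, bound) in firewalls.items():
        for a in sorted(bound):
            if zone_of(a) != zone:
                problems.append(f"{fw}: {a} is outside the {zone} subnet")
            if a in owned:
                problems.append(f"{fw}: {a} collides with a real host address")
    for host, (own, reached) in hosts.items():
        for alias in sorted(reached - own):  # reachable, but not on the host itself
            carriers = [fw for fw, (z, bound) in firewalls.items()
                        if alias in bound and z == zone_of(alias)]
            if len(carriers) == 1:
                mapping[alias] = (host, carriers[0])
            else:
                problems.append(f"{host}: alias {alias} bound on {carriers or 'no firewall'}")
    return mapping, problems

if __name__ == "__main__":
    for alias, (host, fw) in audit()[0].items():
        print(f"{alias} -> {host} via {fw}")
```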
