Hi
I'm in the process of creating a new Active Directory forest with a single domain using AD.Contoso.com, to use the Microsoft example. The reason I have decided on AD.XXXXXXXXX.com is to get away from using split-horizon (split-brain) DNS. The requirements for our new domain are:
- 2012 R2 AD
- DirectAccess & VPN
- Exchange 2013 OWA, ActiveSync, Outlook Anywhere (possibly a hybrid config where we have on-premises mailboxes and some Exchange Online mailboxes, Office 365 etc.)
- Lync 2013 ?
- SharePoint ?
- Microsoft Active Directory Certificate Services
- System Center Configuration Manager 2012 R2
- Two way trusts between old forest and new to enable Transition/Migration
OK, so that's what I'm aiming for; now the question.
They are allowing me to purchase a next-generation firewall, maybe a Barracuda NG Firewall or a Cisco ASA X series, so I need some advice on what type of network topology I should configure. I've read that using the two-NIC configuration for the 2012 R2 DirectAccess server is preferable: one NIC on the internal network, one on the perimeter. The problem I have with this is that it bridges the internal network and the perimeter, bypassing the back-end firewall (see image).
The other alternative is to dispense with the perimeter network, use the DirectAccess server with a single NIC, and set up the NG firewall in a three-legged config with the DA server on the DMZ.
So, all you security experts out there, what would be your design for this simple domain? We don't need any HA or load balancing.
Thanks
Simon