First shot on the new network diagram: All the named connections are VLANs (in English, not VLAN IDs, for readability purposes).
The website in the DMZ will stay current with the website inside via DFS over IPSEC.
The Exchange Edge will run IPSEC to communicate with the internal Exchange server.
To use the admin RDP computer, you'll have to VPN into the PRO2040.
If you want to RDP into any inside stuff, you'll have to VPN into the NSA2400.
Traffic from outside into the Citrix box will be SSL encrypted Citrix traffic.
The reason for the two firewalls is: Proper outside perimeter + inside perimeter of DMZ. Plus the SonicWALLs only support two gateways.
Exchange Edge will use INET2, Web will use INET3.