RE: [FW1] If a single firewall with 3 NIC's a considered a DMZ?
I am about to implement the configuration that you just described, but I have some questions in regard to IP addressing for the 4 subnets that are in the picture.

The IPs given by the provider are 12.109.135.224 to 255. The internal network and the dial up users subnet will be using NAT, and I want the DMZ subnet to use routable IPs... will this work? If so, will the firewall perform the routing for the DMZ zone?

                                Internet
                                   |
                                   |
                                   |
                                 Router
                                   |12.109.135.225
                                   |
    192.168.0.2-254     192.168.0.1|12.109.135.226
    Dialup Users -------------Firewall -------------------- Web servers
                           10.1.1.1| 12.109.135.227      12.109.135.228-236
                                   |
                                   |
                       10.1.1.2-254|
                            Internal network

I will appreciate your feedback.

Thanks!

Carlos

Dean Cunningham <Dean.Cunningham@ew.govt.nz>
01/25/01 09:15 PM
Please respond to deanc

To: "'[email protected]'" <[email protected]>
cc: (bcc: Carlos J. Rivera/EDS/UNCF)
Subject: RE: [FW1] If a single firewall with 3 NIC's a considered a DMZ?

Hi Alan,

Just to extend it a bit, there is no reason to limit your thoughts to just "a dmz". You can have multiple DMZs to keep your paranoia and your security policy happy :-)

For example, you could decide to put your dialup users in a separate dmz to limit their access to internal resources and to protect them from potentially compromised machines in "the dmz".

                       Internet
                          |
                          |
                        Router
                          |
                          |
    Dialup Users -------Firewall ------- Web servers
                          |
                          |
                    Internal network

-----Original Message-----
From: James Edwards [mailto:[email protected]]
Sent: Friday, 26 January 2001 5:37 AM
To: 'Allan Pratt'; [email protected]
Subject: RE: [FW1] If a single firewall with 3 NIC's a considered a DMZ?

Try this:

        Internet
           |
           |
        Firewall ------- Web servers
           |
           |
     Internal network

You wouldn't want your web server and other stuff just hangin out in the breeze like your first example, and having two firewalls, while more secure, is a lot of overhead. This way, you use one firewall to control access to your DMZ from both the inside and outside networks.
This is what I always understood to be the "classic" DMZ layout.

Jim Edwards
Systems Manager
Texas Secretary of State

-----Original Message-----
From: Allan Pratt [mailto:[email protected]]
Sent: Thursday, January 25, 2001 9:28 AM
To: [email protected]
Subject: [FW1] If a single firewall with 3 NIC's a considered a DMZ?

Hi,

Please help settle some confusion. Is a single firewall with 3 NICs considered a DMZ? I always thought that a DMZ was:

    Internet Access router <=> web/ftp servers & Bastion host <=> Firewall

or better yet...........

    Internet Access router <=> Firewall <=> web/ftp servers & Bastion host <=> Firewall

Please clarify

Thanks.

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================

***************************************************
This e-mail is not an official statement of the Waikato Regional Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************
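An added example, not part of the original thread: a Python check of the addressing plan drawn in the first message, testing whether the router link and the DMZ leg can each sit in their own subnet of the provider block so that the firewall can route between them. It assumes plain routing (no proxy ARP or bridging); `ALT_DMZ_LEG` is a constructed alternative, not an address plan from the thread.

```python
import ipaddress

# Addresses below are copied from the diagram in the first message.
PROVIDER_BLOCK = ipaddress.ip_network("12.109.135.224/27")  # .224 to .255
OUTSIDE_LEG = ["12.109.135.225", "12.109.135.226"]          # router, firewall outside
DMZ_LEG = ["12.109.135.227"] + [                             # firewall DMZ NIC
    f"12.109.135.{h}" for h in range(228, 237)               # web servers .228-.236
]
# Constructed alternative (assumption, not from the thread): DMZ moved to the
# upper half of the block, firewall at .241 and web servers at .242-.250.
ALT_DMZ_LEG = [f"12.109.135.{h}" for h in range(241, 251)]


def smallest_subnet(hosts, block=PROVIDER_BLOCK):
    """Smallest subnet of `block` in which every address is a usable host
    (not the network or broadcast address). Returns None if there is none."""
    addrs = [ipaddress.ip_address(h) for h in hosts]
    for prefix in range(30, block.prefixlen - 1, -1):
        net = ipaddress.ip_network(f"{addrs[0]}/{prefix}", strict=False)
        usable = set(net.hosts())
        if net.subnet_of(block) and all(a in usable for a in addrs):
            return net
    return None


def check_plan(outside, dmz):
    """Return (outside_net, dmz_net, conflict). Assumes plain routing between
    the legs (no proxy ARP, no bridging), so the two subnets must not overlap."""
    out_net, dmz_net = smallest_subnet(outside), smallest_subnet(dmz)
    conflict = out_net is None or dmz_net is None or out_net.overlaps(dmz_net)
    return out_net, dmz_net, conflict


if __name__ == "__main__":
    for name, dmz in (("as drawn", DMZ_LEG), ("alternative", ALT_DMZ_LEG)):
        out_net, dmz_net, conflict = check_plan(OUTSIDE_LEG, dmz)
        print(f"{name}: outside={out_net} dmz={dmz_net} conflict={conflict}")
```

As drawn, the DMZ addresses only fit in 12.109.135.224/28, which contains the router link's 12.109.135.224/30, so the two legs overlap; the constructed alternative lands in 12.109.135.240/28 and does not.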