RE: [FW1] If a single firewall with 3 NIC's a considered a DMZ?




I am about to implement the configuration that you just described, but I
have some questions in regard to IP addressing for the 4 subnets that are
in the picture. The IPs given by the provider are 12.109.135.224 to 255.
The internal network and the dial up users subnet will be using NAT, and I
want the DMZ subnet to use routable IPs....

Will this work? If so, will the Firewall perform the routing for the DMZ
zone?


                         Internet
                             |
                             |
                           Router
                             |12.109.135.225
                             |
192.168.0.2-254   192.168.0.1|12.109.135.226
Dialup Users -------------Firewall -------------------- Web servers
                     10.1.1.1|   12.109.135.227         12.109.135.228-236
                             |
                             |
                 10.1.1.2-254|
                      Internal network


I will appreciate your feedback.
Thanks!
Carlos
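
A check of the addressing drawn in the diagram above, added here as an example and not part of the original message. It shows that any single subnet holding the DMZ addresses also holds the router and the firewall's outside address, then carves the provider block into separate subnets; the /27 follows from the stated range, while the host counts and the resulting split are assumptions for illustration.

```python
import ipaddress

# Addresses as drawn in the diagram; the /27 follows from the range .224 to .255.
PROVIDER = ipaddress.ip_network("12.109.135.224/27")
OUTSIDE = ["12.109.135.225", "12.109.135.226"]  # router, firewall outside
DMZ = ["12.109.135.227", "12.109.135.228", "12.109.135.236"]  # fw DMZ, first/last server

def covering_subnet(addrs):
    """Smallest single subnet that contains every address in addrs."""
    ips = sorted(ipaddress.ip_address(a) for a in addrs)
    net = ipaddress.ip_network(f"{ips[0]}/32")
    while ips[-1] not in net:
        net = net.supernet()
    return net

def prefix_for_hosts(n_hosts):
    """Longest prefix leaving n_hosts usable addresses (network/broadcast excluded)."""
    prefix = 30
    while 2 ** (32 - prefix) - 2 < n_hosts:
        prefix -= 1
    return prefix

def carve(block, needs):
    """Give each segment its own non-overlapping subnet of block, largest first."""
    free, plan = [block], {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        want = prefix_for_hosts(hosts)
        chunk = next(f for f in sorted(free) if f.prefixlen <= want)
        alloc = next(chunk.subnets(new_prefix=want))
        free.remove(chunk)
        free.extend(chunk.address_exclude(alloc))
        plan[name] = alloc
    return plan

def report():
    out_net, dmz_net = covering_subnet(OUTSIDE), covering_subnet(DMZ)
    print("outside link fits in", out_net, "| DMZ fits in", dmz_net)
    print("DMZ subnet also covers the outside link:", out_net.overlaps(dmz_net))
    # Assumed host counts: router + firewall; firewall + 9 web servers (.228-.236).
    for name, net in carve(PROVIDER, {"outside": 2, "dmz": 10}).items():
        print(f"{name:8}{net}  usable {net[1]}-{net[-2]}")

if __name__ == "__main__":
    report()
```

With separate subnets the firewall routes between its outside and DMZ interfaces, provided the upstream router sends the DMZ subnet to the firewall's outside address.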


                                                                                                
Dean Cunningham <Dean.Cunningham@ew.govt.nz>
01/25/01 09:15 PM
Please respond to deanc

To:      "'[email protected]'" <[email protected]>
cc:      (bcc: Carlos J. Rivera/EDS/UNCF)
Subject: RE: [FW1] If a single firewall with 3 NIC's a considered a DMZ?
                                                                                                
                                                                                                






Hi Alan,
Just to extend it a bit, there is no reason to limit your thoughts to just
"a dmz".
You can have multiple DMZs to keep your paranoia and your security policy
happy :-)
For example, you could decide to put your dialup users in a separate dmz to
limit their access to internal resources and to protect them from
potentially compromised machines in "the dmz".

                     Internet
                        |
                        |
                      Router
                        |
                        |
Dialup Users -------Firewall ------- Web servers
                        |
                        |
                Internal network

-----Original Message-----
From: James Edwards [mailto:[email protected]]
Sent: Friday, 26 January 2001 5:37 AM
To: 'Allan Pratt'; [email protected]
Subject: RE: [FW1] If a single firewall with 3 NIC's a considered a DMZ?



Try this:

Internet
    |
    |
Firewall ------- Web servers
    |
    |
Internal network


You wouldn't want your web server and other stuff just hangin out in the
breeze like your first example, and having two firewalls, while more secure,
is a lot of overhead.  This way, you use one firewall to control access to
your DMZ from both the inside and outside networks.

This is what I always understood to be the "classic" DMZ layout.

Jim Edwards
Systems Manager
Texas Secretary of State

-----Original Message-----
From: Allan Pratt [mailto:[email protected]]
Sent: Thursday, January 25, 2001 9:28 AM
To: [email protected]
Subject: [FW1] If a single firewall with 3 NIC's a considered a DMZ?





Hi,

Please help settle some confusion.

Is a single firewall with 3 NIC's considered a DMZ?

I always thought that a DMZ was:

Internet Access router <=> web/ftp servers & Bastion host <=> Firewall

or better yet...........


Internet Access router <=> Firewall <=> web/ftp servers & Bastion host <=> Firewall


Please clarify

Thanks.







================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


***************************************************
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************


   All contents © 2004 Network Presence, LLC. All rights reserved.