[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] If a single firewall with 3 NIC's a considered a DMZ?
You can't have two interfaces on the firewall on the same ip network, but different collision domains. My recommendation would be to have the servers in the DMZ private ip addresses and NAT the destination address. -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Friday, January 26, 2001 8:07 AM To: [email protected] Subject: RE: [FW1] If a single firewall with 3 NIC's a considered a DMZ? I am about to implement the configuration that you just described, but I have some questions in regard to IP addressing for the 4 subnets that are in the picture.The IPs given by the provider are 12.109.135.224 to 255. The internal network and the dial up users subnet will be using NAT, and I want the DMZ subnet to use routable IPs.... wil this work? if so will the Firewall perform the routing for the DMZ zone? Internet | | | Router |12.109.135.225 | 192.168.0.2-254 192.168.0.1|12.109.135.226 Dialup Users -------------Firewall -------------------- Web servers 10.1.1.1| 12.109.135.227 12.109.135.228-236 | | 10.1.1.2-254| Internal network I will appreciate your feedabck. Thanks! Carlos Dean Cunningham <Dean.Cunningham@e To: w.govt.nz> "'[email protected]'" <[email protected]> 01/25/01 09:15 PM cc: (bcc: Carlos J. Rivera/EDS/UNCF) Please respond to Subject: RE: [FW1] If a single firewall with deanc 3 NIC's a considered a DMZ? Hi Alan, Just to extend it a bit, there is no reason to limit your thoughts to just "a dmz". You can have multiple DMZs to keep your paranoia and your security policy happy :-) for example you could decide to put your dialup users in a separate dmz to limit their access to internal resources and to protected them from potentially compromised machines in "the dmz" Internet | | Router | | Dialup Users -------Firewall ------- Web servers | | Internal network -----Original Message----- From: James Edwards [mailto:[email protected]] Sent: Friday, 26 January 2001 5:37 AM To: 'Allan Pratt'; [email protected] Subject: RE: [FW1] If a single firewall with 3 NIC's a considered a DMZ? Try this: Internet | | Firewall ------- Web servers | | Internal network You wouldn't want your web server and other stuff just hangin out in the breeze like your first example and having two firewalls, while more secure is a lot of overhead. This way, you use one firewall to control access to your DMZ from both the inside and outside networks. This is what I always understood to be the "classic" DMZ layout. Jim Edwards Systems Manager Texas Secretary of State -----Original Message----- From: Allan Pratt [mailto:[email protected]] Sent: Thursday, January 25, 2001 9:28 AM To: [email protected] Subject: [FW1] If a single firewall with 3 NIC's a considered a DMZ? Hi, Please help settle some confusion. If a single firewall with 3 NIC's a considered a DMZ? I always thought that a DMZ was: Internet Access router <=> web/ftp servers & Bastion host <=> Firewall or better yet........... Internet Access router <=> Firewall <=> web/ftp servers & Bastion host <=> Firewall Please clarify Thanks. _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== *************************************************** This e-mail is not an official statement of the Waikato Regional Council unless otherwise stated. Visit our website http://www.ew.govt.nz *************************************************** ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|