
RE: [FW1] If a single firewall with 3 NIC's a considered a DMZ?



You can't have two interfaces on the firewall on the same IP network, but
different collision domains.  My recommendation would be to have the servers
in the DMZ use private IP addresses and NAT the destination address.
  



-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Friday, January 26, 2001 8:07 AM
To: [email protected]
Subject: RE: [FW1] If a single firewall with 3 NIC's a considered a DMZ?




I am about to implement the configuration that you just described, but I
have some questions in regard to IP addressing for the 4 subnets that are
in the picture. The IPs given by the provider are 12.109.135.224  to 255.
The internal network and the dial up users subnet will be using NAT, and I
want the DMZ subnet to use routable IPs....

Will this work? If so, will the Firewall perform the routing for the DMZ
zone?


                          Internet
                             |
                             |
                             |
                           Router
                             |12.109.135.225
                             |
192.168.0.2-254   192.168.0.1|12.109.135.226
Dialup Users -------------Firewall -------------------- Web servers
                     10.1.1.1|   12.109.135.227         12.109.135.228-236
                             |
                             |
                 10.1.1.2-254|
                      Internal network


I will appreciate your feedback.
Thanks!
Carlos


 

-----Original Message-----
From: Dean Cunningham <Dean.Cunningham@ew.govt.nz>
Sent: 01/25/01 09:15 PM
To: "'[email protected]'" <[email protected]>
cc: (bcc: Carlos J. Rivera/EDS/UNCF)
Please respond to deanc
Subject: RE: [FW1] If a single firewall with 3 NIC's a considered a DMZ?

Hi Alan,
Just to extend it a bit, there is no reason to limit your thoughts to just
"a dmz".
You can have multiple DMZs to keep your paranoia and your security policy
happy :-)
For example, you could decide to put your dialup users in a separate dmz to
limit their access to internal resources and to protect them from
potentially compromised machines in "the dmz".

                     Internet
                        |
                        |
                      Router
                        |
                        |
Dialup Users -------Firewall ------- Web servers
                        |
                        |
                Internal network

-----Original Message-----
From: James Edwards [mailto:[email protected]]
Sent: Friday, 26 January 2001 5:37 AM
To: 'Allan Pratt'; [email protected]
Subject: RE: [FW1] If a single firewall with 3 NIC's a considered a DMZ?



Try this:

Internet
    |
    |
Firewall ------- Web servers
    |
    |
Internal network


You wouldn't want your web server and other stuff just hangin' out in the
breeze like your first example, and having two firewalls, while more secure,
is a lot of overhead.  This way, you use one firewall to control access to
your DMZ from both the inside and outside networks.

This is what I always understood to be the "classic" DMZ layout.

Jim Edwards
Systems Manager
Texas Secretary of State

-----Original Message-----
From: Allan Pratt [mailto:[email protected]]
Sent: Thursday, January 25, 2001 9:28 AM
To: [email protected]
Subject: [FW1] If a single firewall with 3 NIC's a considered a DMZ?





Hi,

Please help settle some confusion.

Is a single firewall with 3 NICs considered a DMZ?

I always thought that a DMZ was:

Internet Access router <=> web/ftp servers & Bastion host <=> Firewall

or better yet...........


Internet Access router <=> Firewall <=> web/ftp servers & Bastion host <=> Firewall


Please clarify

Thanks.







================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


***************************************************
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************
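
Added example, not part of any poster's message: it checks the interface plan from Carlos's diagram for the overlap the first reply points out, then builds the static destination-NAT table that reply recommends. The /27 and /24 masks and the 172.16.1.0/24 DMZ range are assumptions, not values given in the thread.

```python
import ipaddress

# Constructed from the diagram in the thread. Masks are assumptions: the post
# gives the provider range as 12.109.135.224 to 255 (32 addresses, i.e. a /27).
PROPOSED = {
    "external": "12.109.135.226/27",
    "dmz":      "12.109.135.227/27",   # routable DMZ, as Carlos wanted
    "dialup":   "192.168.0.1/24",
    "internal": "10.1.1.1/24",
}
# Same plan with the DMZ moved to a private range (hypothetical 172.16.1.0/24).
REVISED = dict(PROPOSED, dmz="172.16.1.1/24")


def overlapping_interfaces(plan):
    """Return sorted name pairs whose directly connected networks overlap."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in plan.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def destination_nat_table(public_first, public_last, private_net):
    """Map each public server address 1:1 onto a host in the private DMZ."""
    first = ipaddress.ip_address(public_first)
    count = int(ipaddress.ip_address(public_last)) - int(first) + 1
    hosts = list(ipaddress.ip_network(private_net).hosts())
    servers = hosts[1:1 + count]        # hosts[0] is the firewall's DMZ interface
    if count < 1 or len(servers) < count:
        raise ValueError("private network too small for the public range")
    return {str(first + i): str(servers[i]) for i in range(count)}


if __name__ == "__main__":
    print("proposed plan overlaps:", overlapping_interfaces(PROPOSED))
    print("revised plan overlaps: ", overlapping_interfaces(REVISED))
    table = destination_nat_table("12.109.135.228", "12.109.135.236",
                                  "172.16.1.0/24")
    for public, private in table.items():
        print(f"dst {public} -> {private}")
```

Because the translated public addresses still sit in the router's connected /27, the firewall has to answer ARP for them on its external interface, or the router needs host routes pointing at 12.109.135.226.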


   All contents © 2004 Network Presence, LLC. All rights reserved.