Because the 2 NIC solution results in a box bridging your firewall. In other words, your firewall is no longer the only path between your internal and external networks.
That's generally a bad idea. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: MHR(Michael Ross) [mailto:mhr@;panduit.com] > Sent: Monday, November 04, 2002 10:06 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] OT? > > > Can you explain why? > > -----Original Message----- > From: Roger Seielstad [mailto:roger.seielstad@;inovis.com] > Sent: Monday, November 04, 2002 9:04 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] OT? > > > You were told correctly. > > One NIC in the DMZ is the better choice. > > ------------------------------------------------------ > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis - Formerly Harbinger and Extricity > Atlanta, GA > > > > -----Original Message----- > > From: MHR(Michael Ross) [mailto:mhr@;panduit.com] > > Sent: Monday, November 04, 2002 9:55 AM > > To: '[EMAIL PROTECTED]' > > Subject: [ActiveDir] OT? > > > > > > I dunno if this is off topic.. > > but which is more secure? > > a proxy (or isa server), with 1 NIC in a DMZ, or a server > > with 2 NICs .. one in the DMZ, one on the internal LAN.. > > internal NIC has no default gateway. > > External NIC has WINS, SERVER service, Workstation service > > unbound from the NIC. > > > > im told a dual NICd proxy is a hole in the firewall. > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
