Yes, we have already planned for that; we've ordered 4 PIX in total with 8
interfaces in each. What do you mean by double segregate intra/internets?
cheers Pat
----- Original Message -----
From: "Patrick Ramsey"
To: ;
Sent: Wednesday, August 22, 2001 4:00 PM
Subject: Re: PIX design question [7:16801]
If you are going to buy 2 for sure, why not use them in stateful failover?
And not double segregate intra/internets?
Purchase, say, 2 525s with 1 FastEthernet card per box (it has 4 ports).
Your in and out interfaces can be the built-in FastE ports and the remainder
can be for various DMZs and private networks.
-Patrick
>>> "Patrick Donlon" 08/22/01 09:56AM >>>
We are in the middle of migrating to a new network, this includes replacing
Checkpoint firewalls with PIX. My question concerns the proposed design of
the Internet and IntrAnet PIX firewalls and in particular a connection
between the two firewalls. It has been suggested that we connect the
IntrAnet firewall's outside interface to one of the Internet firewall's DMZs.
I can see that this may reduce latency for traffic passing to the internet
from our intrAnet but I'd like to hear anyone's thoughts on this one,
routing or security issues perhaps.
Another design issue which was raised was the placement of some servers in
the same outside interface of the intrAnet firewall. These servers would
require access to one of the intrAnet firewall's DMZ and be accessible from
another DMZ on the internet firewall which are in turn accessible from
the Internet. This seems a bit of a complicated design and could be a
security loophole (??). Thoughts and experiences please.
regards Pat
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16808&t=16801