In my opinion it is smarter and safer to use a DMZ interface on a PIX firewall vice having a switch/hub before the firewall. This is because if one of your DMZ nodes are attacked from the internet you can easily close the hole and block the attack source. With a hub before firewall you will have to rely on the OS to block the attack or disconnect the node from the switch/hub. It may be work to create static NAT translations and ACLs, but you definitely have control over what is being accessed exactly.
""Sam"" wrote in message news:[EMAIL PROTECTED] > Hey there > > Mostly, firewall design includes a dmz. In most companies, within this DMZ, > is it more likely to see the servers directly being given registered public > IP's, > > OR > > Is it more likely to see the servers being given private IP's and then a nat > translation created for internet users to access the servers. > > > Also, what are the pros and cons for the above two situations? > > thx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65958&t=65769 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]