There are two schools on this, and both are valid.

Because we use SessionWall-3 to monitor our internet traffic (and we run
this separately to the firewalls), we set ourselves up with two
firewalls, and the DMZ between them. 

External traffic cannot get at machines on the DMZ but is passed (via
NAT) to the interior firewall. All traffic passing through is monitored
by the SessionWall machine and, if required, blocked.

Peter

--
Peter T Mount, IT Section
[EMAIL PROTECTED]
Anything I write here are my own views, and cannot be taken as the
official words of Maidstone Borough Council

-----Original Message-----
From: Gary Maltzen [mailto:[EMAIL PROTECTED]]
Sent: Sunday, April 11, 1999 6:18 PM
To: Tally
Cc: [EMAIL PROTECTED]
Subject: Re: DNS in the DMZ


Am I missing something subtle here? My reading of Cheswick & Bellovin
left me with the impression that a DMZ (cf. Vietnam and Korean
conflicts) looked more like this:

  INTERNET
     |
  EXTERIOR FIREWALL
     |
    (DMZ)---[various servers]
     |
  INTERIOR FIREWALL
     |
  INTRANET

> here is the configuration:
> 
>     INTERNET
>       |
>     FIREWALL------DMZ----[dns,www,ftp servers]
>       |
>      CO. Network
> 
> the DNS is in the DMZ. and this DNS is to have the 
> entries for www,ftp and the firewall external IP
> address facing the internet.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]