At 01:20 PM 9/3/99 -0400, Shubinsky, Slava wrote:
>I've seen an interesting architecture...
>
>Net---FW1----R----FW2---R---Internet
> |
> DMZ
>
>At first this seems to be a tighter security architecture,
>but at a closer look this might be wasteful especially if
>the two firewalls are the same type. Has anyone run
>into something like this? What are the general thoughts?
To respond, I have to put on my instructor's hat and... ask questions.
Other people perhaps wouldn't need to, but then I think we would get a
different interpretation of the diagram and your text from each person who
posts an opinion.
Before one could really answer your question, one would want to know:
1. What do the "Rs" symbolize in your diagram? A router? Filtering router
-- i.e., a rudimentary firewall -- or just a router?
2. How are the routers configured (assuming they filter)? In other words,
to whom do they talk?
3. Why is the DMZ -- now I am making a judgement -- so far inside?
4. Why do you say, "At first this seems to be a tighter security
architecture"? I am not baiting you -- it is helpful to know what intrigues
*you* about this.
Fred
Avolio Consulting
16228 Frederick Road, PO Box 609, Lisbon, MD 21765, US
+1 410-309-6910 (voice) +1 410-309-6911 (fax)
http://www.avolio.com/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
