On Sun, 6 Feb 2000, Micheal Espinola Jr wrote:
MEJ} I see what you are saying - but even with my admitted limited firewall
MEJ} knowledge, I am somewhat stunned to hear that definition - especially coming
MEJ} from an O'Reilly book. I personally have never seen a DMZ referenced as an
MEJ} un-screened zone in any situation.
MEJ}
MEJ} So what you are saying is that the DMZ is the subnet of the external
MEJ} interface?

Yes. The LAN segment between your outermost router that provides access
to the Internet and your outermost firewall is the DMZ.

Based on ICSA firewall definitions, a router falls into the category of a
Packet Filtering Firewall. And, as a result, conforms to your experience
that a DMZ is a screened zone. This also agrees with the interpretations
of Cisco, Checkpoint, etc. that you cited.

Personally, I find the external router a nice place to deal with those
services that I am absolutely not going to support.

Merton Campbell Crockett
+--------------------------------------------------------------------------+
| Manager, Network Operations & Services | Chief Network/Security Engineer |
| General Dynamics Electronic Systems | Naval Surface Warfare Center |
| Intelligence Systems Organization | Port Hueneme Division |
| Thousand Oaks, CA | Port Hueneme, CA |
+--------------------------------------------------------------------------+