Hi guys,

I have decided to go with F5's BigIP Enterprise.  The config will be:


                                                  INTERNET
                                                     |
                                                     |
                                                  _______
PrivateDMZ(private WWW server w/ DB backend)-----|  FW-1 |-----  DMZ (public WWW server)
                                                  *******
                                                     |
                                                INTERNAL NET


Users come in from the internet to the public DMZ and hit the front end WWW
server over SSL.  The WWW server then connects through the FW through a
BigIP box that is proxying the SSL connection for the private WWW.  The
traffic on the backside is not encrypted (to avoid tunneling attacks to this
server) and we will have NIDS on both DMZs and possibly honeypots.  This
allows me to bring SSL all the way to the private DMZ, and users aren't directly
touching the internal WWW (the public WWW talks XML to the private WWW).

This also provides: expandability to other protocols, load balancing,
fail-over, and scalability.

Thank you all for your input.

