Typically you have 3 interfaces - Internal, external and DMZ.
The only one that there may be more of is the DMZ (possibly the
internal one if you're protecting more than one network) but never the
external interface.
Ideally you'd have different subnets on each interface.
Your AUX interface is (as you first said) an auxiliary (i.e. second) DMZ
interface.
You may, for example, want to keep your web/database/ecommerce systems
separate from your mail system, yet have both accessible to the
outside.
Most people just dump all their servers in a single DMZ cos the routing
is easier to understand but there may be a case for some separation.
(A totally overkill system would be to have a DMZ for each server which
would reduce the risk of other systems being hacked when your webserver
gets smashed).
Cheers,
Mark.
-----Original Message-----
From: Edward Ingram [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, March 20, 2001 7:40 AM
To: Mimi Carpenter; [EMAIL PROTECTED]
Subject: Re: DMZ
So basically, you're saying that the Aux interface is fundamentally the
same as the inside interface on a firewall? So I can assign non
routable addresses to hosts in the DMZ zone, have the firewall use NAT
to allow access to websites within the DMZ zone, and apply rules and
filters to it as well?
----- Original Message -----
From: Mimi Carpenter
To: [EMAIL PROTECTED]
Sent: Monday, March 19, 2001 3:48 PM
Subject: RE: DMZ
I wouldn't have requests coming to the third interface at all; I'd
have them come to the outside interface and be forwarded to the third
interface, the same as if it were another inside network. Even make the
addresses non-routable, if possible.
--
Mimi L. Carpenter, Network Security Engineer
Screen Actors Guild Producers Pension and Health Plans
mailto:[EMAIL PROTECTED]
I speak only for myself.
-----Original Message-----
From: Edward Ingram [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 19, 2001 3:28 PM
To: [EMAIL PROTECTED]
Subject: DMZ
When it comes to setting up DMZ zones, can the same set of filters
and rules be applied to a DMZ (Aux) interface of a firewall as could be
applied to the inside/outside interface? Our company hosts a number of
websites and I'd like to place them in a DMZ zone to separate them from
our network users, but I'd also like to protect them as well.
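
The case for separate DMZ interfaces raised in the thread above, as an added example that is not part of the original messages: a small Python model comparing how far an intruder can pivot from a compromised web server under three layouts. The host names, segment names and policy are constructed for illustration, and the model assumes hosts on the same segment can talk to each other without crossing the firewall.

```python
from collections import deque

# Constructed topologies: host -> firewall interface (network segment) it sits on.
SINGLE_DMZ = {"web": "dmz", "db": "dmz", "mail": "dmz", "pc": "inside"}
SPLIT_DMZ = {"web": "dmz", "db": "dmz", "mail": "aux", "pc": "inside"}
PER_HOST = {"web": "dmz1", "db": "dmz2", "mail": "dmz3", "pc": "inside"}

# Constructed firewall policy, default deny: (source segment, destination host)
# pairs the firewall forwards between interfaces. Nothing is allowed from any
# DMZ towards "inside"; outside and inside may reach the web and mail servers.
POLICY = {
    ("outside", "web"), ("outside", "mail"),
    ("inside", "web"), ("inside", "mail"),
    ("dmz1", "db"),  # per-host layout only: web may still reach its database
}


def can_reach(topology, policy, src, dst):
    """True if src can open a connection to dst."""
    if topology[src] == topology[dst]:
        # Same segment: traffic is switched locally and never crosses the
        # firewall, so no rule on the firewall can block it.
        return True
    return (topology[src], dst) in policy


def blast_radius(topology, policy, compromised):
    """Hosts an intruder can reach by pivoting from one compromised host."""
    seen, queue = {compromised}, deque([compromised])
    while queue:
        here = queue.popleft()
        for host in topology:
            if host not in seen and can_reach(topology, policy, here, host):
                seen.add(host)
                queue.append(host)
    return seen - {compromised}


if __name__ == "__main__":
    layouts = [("single DMZ", SINGLE_DMZ), ("web + aux DMZ", SPLIT_DMZ),
               ("one DMZ per host", PER_HOST)]
    for name, topo in layouts:
        reached = sorted(blast_radius(topo, POLICY, "web"))
        print(f"{name}: web compromised -> {reached}")
```

In the per-host layout the database is still reachable from the web server, but only through an explicit firewall rule that can be narrowed and logged.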