This was traditionally the architecture before the DMZ became collapsed.

At 12:13 PM 4/4/2002 -0500, Laura A. Robinson wrote:
>A "true" DMZ may have a firewall between the Internet and the DMZ, as well
>as between the DMZ and the intranet.
>
>Laura
>----- Original Message -----
>From: "Bill Royds" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
>Sent: Wednesday, April 03, 2002 8:11 PM
>Subject: RE: Basic DMZ Setup Questions...
>
>
>A true DMZ is the net between the firewall and the Internet, not behind a
>firewall. If this is the case, then you have the choice of a public address
>or a simple 1-1 NAT (IP redirect) set up on your NAT-enabled router. If your
>router can handle Port Address Translation, where it sends the traffic from
>a single Internet address to separate servers depending on destination port,
>you can save Internet IP space by using private addresses. But your servers
>are not being protected by your firewall.
>
>If it is the more common server segment on a third NIC of the firewall, then
>it can use private address space, either IP redirect, PAT or full dynamic
>NAT. But it still would be a good idea to set up this server segment with a
>separate subnet address to ease routing and rule making on the firewall.
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of John S. Strock
>Sent: Wed April 03 2002 18:26
>To: [EMAIL PROTECTED]
>Subject: Basic DMZ Setup Questions...
>
>
>I have a few questions regarding setting up a DMZ. Currently our
>public servers are behind our LAN port on our Firewall, with only the
>ports we need opened. I would like to move these servers to the DMZ
>port of our SonicWall DMZ firewall. My question is...once I put
>something in the DMZ, do I need to give it a different IP address,
>meaning do I need to change it from an internal LAN IP to an external
>WAN IP? Currently, my NAT router handles that. And if I do give it a
>WAN IP, does that mean I take it out of my NAT table? I plan on using
>our HP Switch to create 2 VLANs, one for our LAN and one for the DMZ
>Zone (currently our switch is not VLANed and it's used for our internal
>LAN). Would this work, is this a good idea? Can you give me any basic
>setup ideas/suggestions?
>
>Thanks!
>
>John
>_______________________________________________
>Firewalls mailing list
>[EMAIL PROTECTED]
>http://lists.gnac.net/mailman/listinfo/firewalls
