My normal practice is to use Public IP addresses in the DMZ, but a different range. However, you can use private address space, and NAT one or more of your public addresses on the outside interface to the range.
Regards Neil Kemp Security Consultant Business Sense IT Ltd _____ Suite 296, 17 Holywell Hill, St Albans, AL1 1DT. Å +44 (0) 8700 201694 Ë +44 (0) 7958 545129 � 07092 153679 + [EMAIL PROTECTED] " http://www.businesssense.co.uk http://www.secureadvice.co.uk http://www.adsllink.co.uk -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Kenneth Sent: 09 September 2003 21:45 To: [EMAIL PROTECTED] Subject: [FW-1] Firewall DMZ We are looking to create a dual firewall environment (external and internal). In the middle will be the DMZ. Are DMZ IP addresses typically hidden from the outside world? Aside from hiding this network from the outside world, are there any additional advantages? I'm assuming that if I'm hiding the DMZ addresses, I will need to NAT them. Are there any security issues to NATing for inbound services (i.e. www)? Or is it recommended to simpy route the DMZ IP addresses? Thanks in advance ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Kenneth Lee COGNEX Corporation One Vision Drive, Natick, MA 01760 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
