Hi David,

Further, after doing some research, I feel I now have a better conceptual understanding of one design method. I assume your gateway router has one public IP, then the additional block of public IPs from your ISP (which is a separate range from the router's?) makes up the segment between the router internal NIC and the firewall-1 external NIC. The firewall performs dynamic NAT for the intranet hosts, and static NAT for public servers in the DMZ segment (again using RFC 1918 addressing). Or you could place a switch between the router and firewall and place the DMZ here, giving all servers direct public IPs, but you lose control over security passing through the firewall? Am I on the right track?

Many thanks in advance

From: David Gillett
Sent: Fri 21/01/2005 16:42
To: [email protected]
Subject: Re: [FW-1] DMZ

> 1. Do you give the firewall a public address

Why? Does anything besides the router need to connect to its "outside" interface? (i.e., are you terminating a VPN on it?)

> 2. Can you do something on the router forward packets to the
> firewall, where there you can implement NAT

Yes, tell the router that the outside interface of the firewall is the next hop toward the block of public addresses you're using for NAT. The router doesn't care how the firewall delivers the packets to those destinations.

> This e-mail and any attachment is for authorised use by the
> intended recipient(s) only. It may contain proprietary
> material, confidential information and/or be subject to legal
> privilege. It should not be copied, disclosed to, retained or
> used by, any other party. If you are not an intended
> recipient then please promptly delete this e-mail and any
> attachment and all copies and inform the sender. Thank you.

Assuming that this is boilerplate mandated by your employer, you appear to be writing from an email account for which participation in online fora (such as mailing lists like this one) is not appropriate. I recommend using a free account, such as are offered by Yahoo or HotMail, to avoid this misguided policy.

David Gillett

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email [EMAIL PROTECTED]
=================================================
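
The arrangement discussed in this thread (the router treats the firewall's outside interface as next hop for the NAT block, and the firewall translates to RFC 1918 hosts), modelled as an added example that is not part of the original messages. Every address is constructed from documentation and private ranges, and the function names are hypothetical.

```python
import ipaddress as ip

# Constructed addressing (documentation / RFC 1918 ranges), not from the thread.
FW_OUTSIDE = ip.ip_address("10.255.0.2")       # firewall external NIC, private transit link
NAT_BLOCK = ip.ip_network("203.0.113.8/29")    # additional public block from the ISP
INTRANET = ip.ip_network("10.1.0.0/16")        # internal hosts behind dynamic NAT
HIDE_NAT_ADDR = ip.ip_address("203.0.113.14")  # shared source address for intranet hosts

# Router table as (prefix, next hop); None means directly connected.
ROUTER_ROUTES = [
    (ip.ip_network("10.255.0.0/30"), None),    # router <-> firewall link
    (NAT_BLOCK, FW_OUTSIDE),                   # static route: NAT block via firewall
    (ip.ip_network("0.0.0.0/0"), ip.ip_address("198.51.100.1")),  # default to ISP
]

# Firewall static NAT: public address -> DMZ server on RFC 1918 addressing.
STATIC_NAT = {
    ip.ip_address("203.0.113.9"): ip.ip_address("172.16.1.10"),   # web server
    ip.ip_address("203.0.113.10"): ip.ip_address("172.16.1.25"),  # mail server
}

def router_next_hop(dst):
    """Longest-prefix match; an on-link destination is its own next hop."""
    dst = ip.ip_address(dst)
    net, hop = max(((n, h) for n, h in ROUTER_ROUTES if dst in n),
                   key=lambda r: r[0].prefixlen)
    return hop if hop is not None else dst

def firewall_inbound(dst):
    """Destination NAT for inbound packets; None means no mapping, so drop."""
    return STATIC_NAT.get(ip.ip_address(dst))

def firewall_outbound(src):
    """Source NAT: static for DMZ servers, shared address for intranet hosts."""
    src = ip.ip_address(src)
    for public, private in STATIC_NAT.items():
        if private == src:
            return public
    return HIDE_NAT_ADDR if src in INTRANET else None

def deliver_inbound(dst):
    """Follow an inbound packet: router next hop, then firewall translation."""
    hop = router_next_hop(dst)
    return hop, (firewall_inbound(dst) if hop == FW_OUTSIDE else None)
```

The firewall's outside interface carries no public address here, and an address in the block with no static mapping reaches the firewall but is translated to nothing, so only published servers are reachable.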
