i sometimes think that at technical life somebodies trying to fool me which makes my mind work for garbage sometime. And that mostly happens when i say my focus is security , everybodies everething becomes about security. Now our web mail server guys wanted me to open 80 and 443 port for their mail servers which are on LAN segment and theyll have people to access to the mail system from web and cause its https it will be secure? Then what the DMZ is for?! We have proxies at LAN also. So let me ask you another question. What to put (what we should) on DMZ , or not . What accesses for the hosts at LAN can be given outside the world and DMZ?
Regards 2009/12/3 pkc_mls <[email protected]>: > a bv a écrit : >> They wanted me to add a access rule for both ways between that host at >> LAN and whole DMZ subnet for ESP protocol group. At the host sides >> the owners ( other people from mycompany ) applied ipsec on the hosts >> as i know. Can you explain in detail for statement inwriting ? >> Regards > Sounds really strange. > As someone already mentionned on the list, you need either 2 gateways or > one gateway and one vpn client for IPSEC. > > if the device in between has already some vpn connection, > it can be quite hard to have ike or esp go through. > > if the need is to secure traffic between a DMZ and the LAN, what's the > benefit of having already a firewall in between ? > > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
