I agree both work equally well, although NAT would have a slightly higher overhead on your server, but if your server is scaled properly it shouldn't matter. I would think the only deciding factor would be available IP subnets. If you have an adequately large legal subnet to allocate to your server farm, I would go that way to avoid the slightly more complex issues of NATing. If you have limited IP's, NAT is the ideal solution since you can do a one to one mapping of legal to internal private IP's without wasting any IPs.
Hal Hal Dorsman Network Administrator Rocky Mountain Elk Foundation Missoula, Montana USA [EMAIL PROTECTED] (406)523-4576 > -----Original Message----- > From: Julian Burton [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 16, 2002 9:45 AM > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] What is recommended way to address a DMZ? > > > I've been involved with both in my time! > Others may have opinions on the advisability of public vs. private > addresses, but I can tell you that both work equally well. > Currently we run private addressing with NAT - mainly due to the small > number of public addresses we have. > > Julian > > > > |---------+----------------------------------------------> > | | F�bio Rocha <[EMAIL PROTECTED]> | > | | Sent by: Mailing list for | > | | discussion of Firewall-1 | > | | <[EMAIL PROTECTED]| > | | kpoint.com> | > | | | > | | | > | | 16/12/2002 13:45 | > | | Please respond to Mailing list for | > | | discussion of Firewall-1 | > | | | > |---------+----------------------------------------------> > > >------------------------------------------------------------- > ---------------------------------------------------------------------| > | > > | > | To: > [EMAIL PROTECTED] > | > | cc: > > | > | Subject: [FW-1] What is recommended way to address > a DMZ? > | > > >------------------------------------------------------------- > ---------------------------------------------------------------------| > > > > > Hi all, > > I need to create a DMZ on my firewall and I have been > thinking how I should > address it, the possibilities are: > > 1. Use public Internet addresses. > 2. Use private addresses and do the required translations on > the firewall. > > What is the best to do? What are the pros and cons of each addressing > method? I would like to hear your opinions on the subject. > > Thanks in advance, > F�bio Rocha. > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ______________________________________________________________ > __________ > This e-mail has been scanned for all viruses by Star Internet. > > > > > > > > ********************************************************************** > Zenith Insurance Management Limited Registered No. 3805632 > Registered @ Zenith House, Market Place, Haywards Heath, > West Sussex, RH16 1DB. > > NOTICE: > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the [EMAIL PROTECTED] and delete the message > and any attachments accompanying it immediately. > > ********************************************************************** > > > ______________________________________________________________ > __________ > This e-mail has been scanned for all viruses by Star Internet. > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
