We are changing providers so while we're changing all the IP addresses
any way I want to optimize our firewall placement and network design as
well.
ISP---Cisco 2500----A.B.C.0/26----Linux FW1----DMZ A.B.C.64/26
|
|
|
10.x.0.0/16
Internal
Fairly standard routable external subnet & DMZ subnet; rfc 1918 & hide
NAT for internal network. Currently RAS comes into internal network.
>From a security standpoint where is the best place to put RAS? Are
there any advantages to putting RAS either on a separate interface on
the firewall with a differant rfc 1918 network or putting it in the DMZ
with routable addresses and requiring SR connections to reach internal
network? I haven't seen a network setup like this but am just trying to
find what the best practice is for RAS placement.
We are currently running FW1 4.0sp6 on NT and are planning to upgrade to
4.1 before change then migrate to Linux when we cut over to the new ip
addresses.
Thanks in advance
-PaulK
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
