I am about to implement the configuration that you just described, but I
have some questions in regard to IP addressing for the 4 subnets that are
in the picture. The IPs given by the provider are 12.109.135.224 to 255.
The internal network and the dial up users subnet will be using NAT, and I
want the DMZ subnet to use routable IPs....
Will this work? If so, will the firewall perform the routing for the DMZ
zone?
                          Internet
                              |
                              |
                              |
                           Router
                              |12.109.135.225
                              |
192.168.0.2-254    192.168.0.1|12.109.135.226
Dialup Users -------------Firewall -------------------- Web servers
                      10.1.1.1|                   12.109.135.227
                                                  12.109.135.228-236
                              |
                              |
                  10.1.1.2-254|
                      Internal network
I will appreciate your feedback.
Thanks!
Carlos
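
An added example, not part of the original thread: a Python check of the addressing in the diagram above, deriving the smallest subnet each firewall segment needs and reporting overlaps (without proxy ARP, a firewall can only route between segments whose subnets do not overlap). Which addresses belong to which segment is read off the diagram and is an assumption, and the renumbered DMZ addresses are constructed.

```python
import ipaddress

# Provider range from the message (12.109.135.224 to 255): one /27.
PROVIDER = ipaddress.ip_network("12.109.135.224/27")

# Lowest/highest addresses per firewall segment, read off the diagram.
# Assumption: everything drawn right of the firewall is the DMZ segment.
AS_DRAWN = {
    "outside": ["12.109.135.225", "12.109.135.226"],
    "dmz": ["12.109.135.227", "12.109.135.236"],
    "dialup": ["192.168.0.1", "192.168.0.254"],
    "internal": ["10.1.1.1", "10.1.1.254"],
}
# Constructed alternative: DMZ hosts moved into the upper half of the /27.
RENUMBERED = dict(AS_DRAWN, dmz=["12.109.135.241", "12.109.135.250"])


def smallest_subnet(addrs):
    """Smallest CIDR block in which every address is a usable host."""
    ips = [ipaddress.ip_address(a) for a in addrs]
    for prefix in range(30, -1, -1):
        net = ipaddress.ip_network(f"{min(ips)}/{prefix}", strict=False)
        reserved = (net.network_address, net.broadcast_address)
        if all(ip in net and ip not in reserved for ip in ips):
            return net
    raise ValueError("addresses share no subnet")


def review_plan(segments, provider=PROVIDER):
    """Return (subnet per segment, routable segments, overlapping pairs)."""
    nets = {name: smallest_subnet(a) for name, a in segments.items()}
    names = sorted(nets)
    routable = [n for n in names if nets[n].subnet_of(provider)]
    overlaps = [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
                if nets[a].overlaps(nets[b])]
    return nets, routable, overlaps


if __name__ == "__main__":
    for label, plan in (("as drawn", AS_DRAWN), ("renumbered", RENUMBERED)):
        nets, routable, overlaps = review_plan(plan)
        print(label, {k: str(v) for k, v in nets.items()})
        print("  routable:", routable, "overlapping:", overlaps or "none")
```

As drawn, the /30 needed for the router link falls inside the /28 needed for the DMZ addresses, which is the overlap the check reports.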
From: Dean Cunningham <Dean.Cunningham@ew.govt.nz>
Sent: 01/25/01 09:15 PM
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
cc: (bcc: Carlos J. Rivera/EDS/UNCF)
Please respond to deanc
Subject: RE: [FW1] If a single firewall with 3 NIC's a considered a DMZ?
Hi Alan,
Just to extend it a bit, there is no reason to limit your thoughts to just
"a dmz".
You can have multiple DMZs to keep your paranoia and your security policy
happy :-)
For example, you could decide to put your dialup users in a separate dmz to
limit their access to internal resources and to protect them from
potentially compromised machines in "the dmz".
                    Internet
                       |
                       |
                     Router
                       |
                       |
Dialup Users -------Firewall ------- Web servers
                       |
                       |
                Internal network
-----Original Message-----
From: James Edwards [mailto:[EMAIL PROTECTED]]
Sent: Friday, 26 January 2001 5:37 AM
To: 'Allan Pratt'; [EMAIL PROTECTED]
Subject: RE: [FW1] If a single firewall with 3 NIC's a considered a DMZ?
Try this:
    Internet
       |
       |
    Firewall ------- Web servers
       |
       |
Internal network
You wouldn't want your web server and other stuff just hangin out in the
breeze like your first example, and having two firewalls, while more secure,
is a lot of overhead. This way, you use one firewall to control access to
your DMZ from both the inside and outside networks.
This is what I always understood to be the "classic" DMZ layout.
Jim Edwards
Systems Manager
Texas Secretary of State
-----Original Message-----
From: Allan Pratt [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 25, 2001 9:28 AM
To: [EMAIL PROTECTED]
Subject: [FW1] If a single firewall with 3 NIC's a considered a DMZ?
Hi,
Please help settle some confusion.
Is a single firewall with 3 NICs considered a DMZ?
I always thought that a DMZ was:
Internet Access router <=> web/ftp servers & Bastion host <=> Firewall
or better yet...........
Internet Access router <=> Firewall <=> web/ftp servers & Bastion host <=> Firewall
Please clarify
Thanks.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
***************************************************
This e-mail is not an official statement of the
Waikato Regional Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************