I believe there's a difference between what I call a "logical" firewall
and a "physical" one. The physical one being separate boxes with
separate segments coming out of them (segments == wires); usually just
routers. A logical one can have one (or more) segments with one or more
networks on each segment; usually with packet filters and rules.

There are as many types of DMZs as there are definitions for them - each
firewall vendor has their own definition with varying vaguenesses.

With the prices that are being charged for firewall boxes these days,
I'm not surprised that sysadmins are only getting one. Also, having just
one box simplifies configuration (and support) - at least from a
firewall vendor's point of view.

--Bruce

PS: Tomorrow night's topic in Concord is firewalls. Come and ask a
question!

Dave Nichols wrote:
>
> Folks,
>
> Just a question coming out of some work I'm doing today. I was always
> taught a double Firewall surrounded a TRUE DMZ (one in front, one in back).
>
> I see more and more people representing DMZs coming off a SINGLE firewall,
> the same one which protects the corporate jewels... and implementing the
> differences in rules differences only...
>
> Of course, my current employer (who shall remain nameless but is a large
> network vendor) always shows a single firewall...
>
> What do y'all think?
>
> DaveN