[fw-wiz] VPN endpoints
From: hermit921 (hermit921_at_yahoo.com)
To: <email@example.com> Date: Tue, 24 Aug 2004 10:36:43 -0700
We are planning to put a VPN endpoint at our site for remote access. We
know nothing about the remote client computers, we just provide an
authentication mechanism for the users. The question concerns where we put
the VPN endpoint on our network.
I figure it this way: 2 VPN device interfaces, either of which can go
outside the firewall, on a DMZ, or inside the firewall. That gives us 9
possible arrangements, some of which are ridiculous, but fun to
consider. We came down to two configurations.
One approach is putting the internal interface on a DMZ. The other
approach is to have the VPN bypass the firewall entirely. I am looking for
advice on which approach is better, and reasons why.
firewall-wizards mailing list