DMZ - Question
- From: hol64@xxxxxxxxxxx
- Date: 26 Oct 2007 15:41:02 -0000
I have to setup a DMZ on our network. Our current layout is Internet Router <--> Firewall <--> WAN/LAN Router <--> Servers
The idea is to setup a back-to-back DMZ or Dual Firewall DMZ. So the topology would be like this..
Internet Router --> FW-1 <--> DMZ <--> FW-2 <--> WAN/LAN router.
On the DMZ we will have a Web Server that needs access back to the Mainframe on the LAN, and a Mail server that need access to another mail server on the LAN.
One of my questions is the DMZ is in a /24 subnet and the LAN is on a /16 subnet. Is the only way for the web server in the DMZ to communicate with the inside LAN by NATting in the FW-2. Isn't this creating a double subnet from the outside??
I am working with 2 pix firewalls, and I am hoping to change FW-2 to a different brand that has stateful inspection.
- Prev by Date: Website\Tool listing version numbers of sec tools ?
- Next by Date: Re: PHP/MySQL image gallery penetration testing
- Previous by thread: Website\Tool listing version numbers of sec tools ?
- Next by thread: Re: DMZ - Question