Re: External/DMZ/Internal with two firewalls?
- From: "Don Kelloway" <usenet@xxxxxxxxxxxx>
- Date: Wed, 22 Mar 2006 15:51:42 GMT
<te@xxxxxxxxxxxxxx> wrote in message
This is the first time I have seen this and I was curious on the
feedback on this configuration...
I'm at a new gig and they have their network setup with two external
firewalls (active/passive) for redundancy, then their DMZ, then another
pair of firewalls before getting into the Internal network.
I have always just seen one set of firewalls, not two. It has made
trouble shooting a complete nightmare, because they do double NAT'ing.
I have read a thing or two that "maybe" this might be something you
would do if you used two different vendors to protect against a 0-day
exploit, but it seems a little odd to me.
I just thought I would ask the experts.
It may offend some, but in my experience I've come to know a single firewall
supporting multiple interfaces as a 'Modern DMZ' whereas having two or more
firewalls inline with each other is what is/was referred to as a
'Traditional DMZ' with the network in between known as the perimeter
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your Security
on the Internet".
- Prev by Date: Re: I am sick of windows firewall
- Next by Date: Re: Firewalls, what would you use? or would recommend?
- Previous by thread: Re: External/DMZ/Internal with two firewalls?
- Next by thread: Firewalls, what would you use? or would recommend?