Tom Tomasovic wrote: [snip] > The three card firewall allows machines in the DMZ to be located on a different > network segment from the production environment, thus isolating them more > effectively. The three card concept also allows (among other things) the > production network to be effectively isolated from the public network, since the > only 'visible' address would be the card connected to the internet. The > firewall would be responsible for analyzing requests made to the 'public' > address and routing them to the appropriate resource (generally on the DMZ). [snip] DMX zones don't have to be implemented with a three card NIC setup. They can instead be implemented with an outter and inner firewalls. This however will likely cost more. Using this method the software on the firewalls can be simpler. | <--Outside network | Outter Firewall | | <--DMZ network with the machines on it. | Inner Firewall | | <--Local network -- | Bryan Andersen | [EMAIL PROTECTED] | http://softail.visi.com | | Buzzwords are like annoying little flies that deserve to be swatted. | | -Bryan Andersen | - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
