IMHO, there is some advantage to having two separate firewalls as
pictured in your second diagram.
1. Your internal network is not automatically compromised.
2. You can set up the machines in your DMZ to alert if they see traffic
on odd ports or from the firewall itself.
3. It buys you time to discover the intruder and disable his access
while he does not necessarily have access to your internal network.
-g
On Sun, Dec 12, 1999 at 09:48:56AM -0500, Bennett Samowich wrote:
> Greetings,
>
> Are there any issues, pro or con, to having two physical firewall machines
> making up the perimeter versus one? If building with two machines should
> they be the same or different?
>
> Scenario A:
>              ,->DMZ
> Net->firewall
>              `->Internal
>
> Scenario B:
> ,->DMZ
> |
> Net->firewall---->firewall->internal
>
>
> Thanks in advance,
> - Bennett
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
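
Added example, not part of the original thread: a sketch of the DMZ-host alerting described in point 2 of the reply, flagging inbound packets that target a port the host does not serve or that originate from the firewall's own address. The log format (key=value packet log lines), the addresses, and the expected-port list are assumptions constructed for illustration.

```python
import re

# Assumptions (constructed for this example): the outer firewall's DMZ-side
# address, and the only services this DMZ host is meant to offer.
FIREWALL_IP = "192.0.2.1"
EXPECTED_SERVICES = {("TCP", 80), ("TCP", 443)}

FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")

# Constructed sample of inbound packet log lines as seen on the DMZ host.
SAMPLE_LOG = """
Dec 12 10:01:02 dmz1 kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=80
Dec 12 10:01:09 dmz1 kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=6000
Dec 12 10:02:30 dmz1 kernel: IN=eth0 OUT= SRC=192.0.2.1 DST=192.0.2.10 PROTO=TCP SPT=1023 DPT=443
Dec 12 10:02:41 dmz1 kernel: IN=eth0 OUT= SRC=192.0.2.1 DST=192.0.2.10 PROTO=TCP SPT=1022 DPT=23
"""

def classify(line):
    """Return the alert reasons for one inbound packet log line."""
    f = dict(FIELD.findall(line))
    if "SRC" not in f or "PROTO" not in f:
        return ["unparsed"]  # surface lines we cannot read instead of dropping them
    reasons = []
    # A firewall forwards traffic; packets it originates toward a DMZ host
    # are unexpected (assumes it does not rewrite source addresses).
    if f["SRC"] == FIREWALL_IP:
        reasons.append("source-is-firewall")
    # Portless protocols (e.g. ICMP) get port None and so count as unexpected.
    dpt = f.get("DPT", "")
    service = (f["PROTO"], int(dpt) if dpt.isdigit() else None)
    if service not in EXPECTED_SERVICES:
        reasons.append("odd-port")
    return reasons

def scan(log_text):
    """Return (line_number, reasons) for every line that raises an alert."""
    alerts = []
    for n, line in enumerate(log_text.strip().splitlines(), 1):
        reasons = classify(line)
        if reasons:
            alerts.append((n, reasons))
    return alerts

if __name__ == "__main__":
    for n, reasons in scan(SAMPLE_LOG):
        print(f"line {n}: {', '.join(reasons)}")
```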