Hi,
Currently we are planning to implement a dual firewall setup (dual, in my
case, meaning two firewalls which are connected to each other, not two
load-balanced FWs + 2x Internet access)
with a DMZ to secure our network and make DMZ servers available to the outside
world (as well as to internal users!).
But there isn't much information available on how to set up such a
configuration.
We had the following setup in mind:
* Internet
* FW1 interfaces:
    ext      212.212.212.212/24 (NAT enabled)
    optional 10.10.10.10/24 (DMZ)
    internal 10.10.20.10/24
* DMZ 10.10.10.0/24
* FW2 interfaces:
    ext      10.10.20.11/24 (No NAT)
    optional 10.10.10.11/24 (DMZ)
    int      10.10.20.11/24
* LAN 10.10.20.0/24
So FW1 and FW2 are both connected to the DMZ servers and both using the same
physical network and NICs in the DMZ servers.
Q1: Is the DMZ secure or do we have to install 2 NICs in all DMZ servers and
create different networks to connect to each FW?
Q2: Or is it more secure to only connect FW1 to the DMZ and force all internal
traffic towards the DMZ servers to use FW2 and then FW1 to connect? (too
slow?)
Q3: Do we have to implement NAT in FW2 for security purposes and maybe use
Internet IP addresses for both firewalls?
Any resources and comments on this subject are welcome.
Regards,
Nico
____________________________________________________________________
Get free email and a permanent address at http://www.amexmail.com/?A=1
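
A sanity check of the interface plan as posted, added here as an example (it is not part of Nico's message): it uses Python's standard `ipaddress` module to list addresses assigned twice, firewalls with two interfaces in one subnet, and segments that both firewalls attach to. The dictionary layout and the `audit` function name are this example's own.

```python
import ipaddress
from collections import defaultdict

# Interface plan transcribed from the post above (addresses exactly as posted).
PLAN = {
    "FW1": {"ext": "212.212.212.212/24",
            "optional": "10.10.10.10/24",
            "internal": "10.10.20.10/24"},
    "FW2": {"ext": "10.10.20.11/24",
            "optional": "10.10.10.11/24",
            "int": "10.10.20.11/24"},
}


def audit(plan):
    """Return (duplicate_ips, same_device_overlaps, shared_segments)."""
    by_ip = defaultdict(list)    # address -> [(device, interface)]
    by_net = defaultdict(list)   # subnet  -> [(device, interface)]
    for dev, ifaces in plan.items():
        for name, cidr in ifaces.items():
            iface = ipaddress.ip_interface(cidr)
            by_ip[str(iface.ip)].append((dev, name))
            by_net[str(iface.network)].append((dev, name))

    # The same address configured on more than one interface.
    dup_ips = {ip: owners for ip, owners in by_ip.items() if len(owners) > 1}

    overlaps, shared = {}, {}
    for net, owners in by_net.items():
        per_dev = defaultdict(list)
        for dev, name in owners:
            per_dev[dev].append(name)
        # Two interfaces of one device in the same subnet: ambiguous for a
        # routing firewall (a bridging/transparent firewall is the exception).
        for dev, names in per_dev.items():
            if len(names) > 1:
                overlaps[(dev, net)] = names
        # Segments that more than one firewall is attached to.
        if len(per_dev) > 1:
            shared[net] = sorted(per_dev)
    return dup_ips, overlaps, shared


if __name__ == "__main__":
    dups, overlaps, shared = audit(PLAN)
    print("duplicate addresses:", dups)
    print("same-device subnet overlaps:", overlaps)
    print("segments shared by both firewalls:", shared)
```
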