A "true" DMZ may have a firewall between the Internet and the DMZ, as well as between the DMZ and the intranet.
Laura ----- Original Message ----- From: "Bill Royds" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, April 03, 2002 8:11 PM Subject: RE: Basic DMZ Setup Questions... A true MZ is the net between the firewall and the Internet, not behind a firewall. If this is the case, then you have the choice of a public address or a simple 1-1 NAT (IP redirect) set up on your NAT enabled router. If your router can handle Port Address Translation, where it sends the traffic from a single Internet address to separate servers depending on destination port, you can save Internet IP space by using private addresses. But your servers are not being protected by your firewall. If it is the more common server segment on a third NIC of the firewall, then it can use private address space, either IP redirect, PAT or full dynamic NAT. But it still would be a good idea to set up this server segment with a separate subnet address to ease routing and rule making on the firewall. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John S. Strock Sent: Wed April 03 2002 18:26 To: [EMAIL PROTECTED] Subject: Basic DMZ Setup Questions... I have a few questions regarding setting up a DMZ. Currently our public servers are behind our LAN port on our Firewall, with only the ports we need opened. I would like to move these server to the DMZ port of our SonicWall DMZ firewall. My question is...once I put something in the DMZ, do I need to give it a different IP address, meaning do I need to change it from an internal LAN IP to a external WAN IP? Currently, my NAT router handle's that. And if I do give it a WAN IP, does that mean I take it out of my NAT table? I plan on using our HP Switch to create 2 VLAN's, one for our LAN and one for the DMZ Zone (currently our switch is not VLANed and it's used for our internal LAN). Would this work, is this a good idea? Can you give me any basic setup ideas/suggestions? Thanks! John _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
