What are best practices for designing a DMZ and accessing services located on a DMZ? If you have a firewall with 3 interfaces, 1=public, 2=dmz, 3=private, should the DMZ subnet be routable addresses or private addresses? Obviously if they are private addresses then traffic to/from the public internet gets NAT'd. What about traffic to/from the private network on the 3rd interface, do users on that subnet access a server on the DMZ by hitting a NAT'd address or is the DMZ subnet known to the private subnet?
Any pointers to design white papers or security best practices would be great.

Steve
