I did some work for a member of the Global Fortune 15 where their network was:

Internet -> FW -> perimeter servers -> FW -> DCs -> FW -> member servers -> FW -> PCs

I couldn't ping by NetBIOS name or FQDN DC1 sitting above DC2 in the same rack because DNS was in the perimeter network. And they wonder why they had name resolution issues!

Webster

From: Free, Bob [mailto:[email protected]]
Subject: RE: AD and firewall ports

Agreed, the old M&M paradigm is long gone. The other thing I find intriguing about this thread is that the proximity of the OP's DMZ to the internet is unknown, let alone its intended purpose. The classic definition of a DMZ only standing between an internal network and the internet is no longer valid. I have DCs in DMZs on the main network, heck I have one environment where all the DCs in the forest are in DMZs, there are firewalls all over the place and the internet isn't even part of the equation.
