While I can't speak specifically about Sonicwall and its implementation...
The purpose of the DMZ is to provide a separate network for you to put your internet facing servers in. In most cases, this includes the application of a separate rule set for the DMZ. This might be a higher-end feature, I am not sure. The DMZ is not the same as the LAN and "ideally" you shouldn't be able to access the LAN from your DMZ (and vice versa if it can be helped). Point is, the boxes in your DMZ are more susceptible to being broken into and if a box in your DMZ is compromised, it shouldn't be able to then be used to attack your LAN.

C

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: May 2, 2002 10:54 PM
To: [EMAIL PROTECTED]
Subject: DMZ security

Does anyone know if firewall appliances usually protect their LAN port the same as their DMZ port? On my Sonicwall I can set port blocking for PCs on both the LAN and DMZ port. If I block traffic to all ports for DMZ PCs, is the DMZ essentially the same as the LAN? Or would it be not as safe as the LAN?

thanks,
Andy
