There are many reasons. First of all, in this situation:

>internet -->  Firewall --> LAN
>                              --> DMZ

You need to pass through your LAN to access the DMZ ... I don't need
to say anything more. The purpose of a DMZ is to isolate the public
servers from outside the LAN. If someone hacks the DMZ, they will not be
able to access the LAN.

>internet --> Outer Firewall --> DMZ --> Inner Firewall --> LAN

In this other situation you need to pass through the DMZ to access the
LAN, so all connections from the LAN to the INTERNET will pass through the
DMZ. If someone compromises the DMZ, they will be able to sniff the connections
to the internet and a lot of other things ...

->The "real" purpose of a DMZ is to isolate your public servers, nothing
more.

[]`s

Daniel B. Cid


>On Mon, 2003-06-09 at 20:53, Chris Berry wrote:
> >From: Christopher Ingram <[EMAIL PROTECTED]>
> >So, the below setup is not decent for a corporate LAN. Ideally, the DMZ 
> >should sit on a separate connection to the Internet from the rest of the 
> >network, using a different ISP and therefore, different IP block. This 
> >provides the most isolation.
> 
> I'm afraid I don't see how that:
> 
> internet --> Firewall --> Lan
> 
> internet --> Firewall --> DMZ
> 
> would be any more secure than this:
> 
> internet --> Outer Firewall --> DMZ --> Inner Firewall --> LAN
> 
> or this:
> 
> internet -->  Firewall --> LAN
>                              --> DMZ
> 
> which are the setups that I've seen.  Can you give some 
> justification/explanation on why you think that would be better?
> 
> Chris Berry
> [EMAIL PROTECTED]
> Systems Administrator
> JM Associates
> 
> "All I want is a few minutes alone with the source code for the universe and 
> a quick recompile."
> 



