Since they're public servers, should something happen and they were compromised, if they're in the DMZ then the damage is limited in scope, whereas if they're in your internal network, then whoever hacks it may be able to leverage the internal presence of the compromised box and do more damage to other, non-public servers. General rule of thumb is to let the publicly accessed servers be in that DMZ zone for this reason. Of course, there are situations where you can't avoid it, so you just lock down as much as you can and have something translated to an internal machine. All depends on your circumstances and infrastructure and needs.
My .02 ;) J -----Original Message----- From: Andrew P. Kaplan [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 18, 2002 8:47 AM To: [EMAIL PROTECTED] Subject: RE: [SonicWALL]- placement of smtp mail servers >>Put your BSD in the DMZ if you have a spare public IP. What's the advantage of putting the mail server on the DMZ as all the boxes are "public" boxes that is to say they are either web or mail (smtp/pop/imap) [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-] Andrew P. Kaplan Network Administrator WEB www.cshore.com 168 Boston Post Road EMAIL: [EMAIL PROTECTED] Madison, CT 06443 [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-] Obstacles are those things that appear when you lose sight of your goal. - Henry Ford > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of Chris Hunt > Sent: Wednesday, September 18, 2002 8:58 AM > To: [EMAIL PROTECTED] > Subject: Fwd: [SonicWALL]- placement of smtp mail servers > > > Put your BSD in the DMZ if you have a spare public IP. As for speed I > would think it should handle it but I'm only pumping at 1.5meg > > Chris > > > >I have two questions about my Sonicwall 300 > > > >ONE: I'm curious to learn the load capacity of a Sonicwall 300. > According > >to the info the transfer capacity is over 100 megs a second. Does this > >mean if the Sonicwall is connected to a 2.5 meg connection that the > >sonicwall could never be overloaded with too much traffic. > > > >TWO Currently I have three medium volume web servers behind the 300. I > >would like to add a SMTP server that processed about a gig of > data a day. > >The box is a BSD box running Postfix and SSH only so it's pretty hard. > >Should the box be placed behind the firewall and should it be on > a regular > >port or the DMZ. > > > > --- > [This E-mail scanned for viruses by Declude/F-Prot AV] > > ================================================================== > ================================= > To unsubscribe, send email to [EMAIL PROTECTED] In the body of > the email put the following: unsubscribe sonicwall your_name > The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/02 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/02 --- [This E-mail scanned for viruses by Declude/F-Prot AV] ============================================================================ ======================= To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ --- [This E-mail scanned for viruses by Declude/F-Prot AV] =================================================================================================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
