I would suggest putting it in the DMZ. If the box is compromised, then the intruder has access to only the box in the DMZ, not your LAN. You could just set it outside, but then you would not have the extra protection that the sonicwall offers. Same goes with (almost) any system that is accessible to the public; put them in the DMZ, lock down the access between the WAN to the DMZ, and lockdown DMZ to the LAN. I tend to think one-to-one NAT is generally evil because it allows an intruder a way right through your firewall, I use it as a last resort.
PS: Greetings list! :)
Matt Bell
Network Analyst
L.A. Darling Company
[EMAIL PROTECTED]
Brainbench Certified
* Linux Administrator
* Internet Security Specialist
* Windows 98 Administration
* Windows 2000 Administration
> -----Original Message-----
> From: Andrew P. Kaplan [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 18, 2002 8:47 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [SonicWALL]- placement of smtp mail servers
>
>
> >>Put your BSD in the DMZ if you have a spare public IP.
>
> What's the advantage of putting the mail server on the DMZ as
> all the boxes
> are "public" boxes that is to say they are either web or mail
> (smtp/pop/imap)
>
> [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-]
> Andrew P. Kaplan Network Administrator
> WEB www.cshore.com 168 Boston Post Road
> EMAIL: [EMAIL PROTECTED] Madison, CT 06443
> [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-]
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> > Behalf Of Chris Hunt
> > Sent: Wednesday, September 18, 2002 8:58 AM
> > To: [EMAIL PROTECTED]
> > Subject: Fwd: [SonicWALL]- placement of smtp mail servers
> >
> >
> > Put your BSD in the DMZ if you have a spare public IP. As
> for speed I
> > would think it should handle it but I'm only pumping at 1.5meg
> >
> > Chris
> >
> >
> > >I have two questions about my Sonicwall 300
> > >
> > >ONE: I'm curious to learn the load capacity of a Sonicwall 300.
> > According
> > >to the info the transfer capacity is over 100 megs a
> second. Does this
> > >mean if the Sonicwall is connected to a 2.5 meg connection that the
> > >sonicwall could never be overloaded with too much traffic.
> > >
> > >TWO Currently I have three medium volume web servers
> behind the 300. I
> > >would like to add a SMTP server that processed about a gig of
> > data a day.
> > >The box is a BSD box running Postfix and SSH only so it's
> pretty hard.
> > >Should the box be placed behind the firewall and should it be on
> > a regular
> > >port or the DMZ.
> > >
> >
> > ---
> > [This E-mail scanned for viruses by Declude/F-Prot AV]
> >
> > ==================================================================
> > =================================
> > To unsubscribe, send email to [EMAIL PROTECTED] In the body of
> > the email put the following: unsubscribe sonicwall your_name
> > The archive of this list is at
> http://www.mail-archive.com/sonicwall%40peake.com/
>
>
>
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/02
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.385 / Virus Database: 217 - Release Date: 9/4/02
>
> ---
> [This E-mail scanned for viruses by Declude/F-Prot AV]
>
> ==============================================================
> =====================================
> To unsubscribe, send email to [EMAIL PROTECTED] In the body
> of the email put the following: unsubscribe sonicwall your_name
> The archive of this list is at
> http://www.mail-archive.com/sonicwall%40peake.com/
>
>
