[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Newbie Question
Jeff, Set your web servers in a DMZ off of the fw(third NIC) and give them IP from one of your blocks. Depending on the number of servers you have or will have, subnet one of the blocks - no need to waste IP's. I wouldn't bother with NATting these web servers, this is just additional work on your fw, not really isn't needed. Some may disagree with me on this, but in the end, it's your site. Some feel that any additional layer of security is worth it, even if it's obfuscation. If your going to have more than one web server in the DMZ, are you looking at high availability and or load balancing? There are both hardware and software products out there that can do this well. My apologies in advance of your near future spam from Jules :) - - Robert P. MacDonald, Network Engineer Team Lead, e-Business Infrastructure G o r d o n F o o d S e r v i c e Voice:email: [email protected] >>> "Jeff Reinhardt" <[email protected]> 11/18/00 7:03:17 PM >>> >I am relatively new to Checkpoint and would appreciate it greatly if anyone >can answer the following for me: > >I have 2 Class C IP blocks to setup on our webservers, what is the most common >and secure method for using check point here. Would I bind the public addresses >to the web servers and setup a route for the Class Cs that point to the internal >NIC on the firewall? or would I use internal IPs on the web servers and if so, how >would the translation take place? > >Thank you, > >Jeff ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|