Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Web server in DMZ

To: "Juppunov, George" <[email protected]>
Subject: RE: [FW1] Web server in DMZ
From: [email protected]
Date: Fri, 8 Jun 2001 11:45:34 +0200
Cc: [email protected]
Sender: [email protected]


Pardon my jumping in, but isn't it common practice to have a different
network for the DMZ, not in the same address space as the external address
of the firewall? Otherwise internal requests to the public address of a DMZ
system would get "out" on the Internet first and then back in, right?

Example:

We used to have a 10.41.x.x DMZ network, because all internal networks were
also using 10.x networks and the routing from the LAN to the DMZ hosts (for
internal guys doing maintenance or whatever) was easier that way.

For the Internet the FW of course held a "virtual", public address for any
DMZ server and routed all requests for it to the NATted DMZ address.

Did I miss something here?

Best regards
Ralf G.






================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- RE: [FW1] Web server in DMZ
  - From: "Carl E. Mankinen" <[email protected]>

Prev by Date: [FW1] Cluster Gateway defination
Next by Date: [FW1] SecuRemote behind NAT device
Previous by thread: RE: [FW1] Web server in DMZ
Next by thread: RE: [FW1] Web server in DMZ
Index(es):
- Date
- Thread