[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Web server in DMZ
Pardon my jumping in, but isn't it common practice to have a different network for the DMZ, not in the same address space as the external address of the firewall? Otherwise internal requests to the public address of a DMZ system would get "out" on the Internet first and then back in, right? Example: We used to have a 10.41.x.x DMZ network, because all internal networks were also using 10.x networks and the routing from the LAN to the DMZ hosts (for internal guys doing maintenance or whatever) was easier that way. For the Internet the FW of course held a "virtual", public address for any DMZ server and routed all requests for it to the NATted DMZ address. Did I miss something here? Best regards Ralf G. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|