
Re: [FW-1] DMZ setup



Well, from experience I know very well that NAT doesn't let go of the
session, so you will have hanging sessions on the firewall even when the
client has sent an ACK. This can reduce capacity.

/// Sadir Firewall Engineer Ericsson /Sweden

James Edwards wrote:

>I put as much of my public stuff in the DMZ as possible.  Anything that is
>accessed by the outside world (Web server, DNS, etc) goes into the DMZ.
>Luckily, I have a whole Class C network that I use for small subnets and I
>use that for my DMZ.  I don't use NAT at all.
>
>Jim Edwards
>Systems Manager
>Texas Secretary of State
>
>
>-----Original Message-----
>From: Perbix, Michael [mailto:[email protected]]
>Sent: Friday, October 04, 2002 11:17 AM
>To: [email protected]
>Subject: [FW-1] DMZ setup
>
>
>If someone knows of a decent resource I can go to, by all means please let
>me know, however nothing I have found directly answers my question, and
>also, this is a matter of opinion...
>
>When setting up a DMZ, I would prefer to use real IP addresses instead of an
>internal address then use Static NAT.  I would mainly like to do this
>because there appear to be some servers that FW-1 does not communicate well
>with when NAT is involved, one of which is Streaming.  Now this information
>may be wrong.....
>
>But what is everyone's thought on whether the DMZ should be real IP addresses
>or NAT'ed?
>
>What are the benefits of using NAT for DMZ and what servers are people
>putting in the DMZ and what type of internal/external access do you define?
>
>Thank you in advance....
>
>    -Mike
>
>-------------------------------------
>Michael Perbix
>Telecommunications Specialist
>Lower Merion School District
>- Phone
>- Fax
>
>=================================================
>To set vacation, Out Of Office, or away messages,
>send an email to [email protected]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[email protected]
>=================================================
>