RE:Firewall and DMZ

[Aaron Fisher <aaron-fisher () iinet net au>]

After seeing this topic go on for some time why not have a router with 2 
network interfaces one interface you would have your firewall and then 
internal LAN

                               <> Firewall <> LAN
internet <> router
                               <> Firewall <> DMZ

The other would have your firewall and then DMZ. You can then deny all 
traffic with a source add from the DMZ going to a dest of your LAN. This 
still wouldnt stop traffic originally coming from the LAN as im assuming 
you would be using NAT so the source address would be the routers 
external interface and it was initiated by the LAN. Hopefully this 
sugestion makes sense however routers with 2 10/100 network ports can be 
rather expensive.

Anyways thats my 2cents

Aaron



---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
    
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
         
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------