Re: Host placement and DMZ internal/external questions.

[phunked up! <phunkodelic () gmail com>]

> 1 if you have a host such as citrix that must have access to the
> internal network does that sit on your DMZ?

If you are running Citrix and want remote access you should deploy
Citrix Secure Gateway as it is free (less the cost of a small windows
server)  and comes with Citrix.  Yes this secure gateway should be put
in the DMZ as it is in my network.
> 2 antivirus mail gateway servers / Antivirus update server does that
> sit on your DMZ ?

I currently have them on my internal network sitting behind my PIX.  I
run a small 200+ node network though.  If I were looking at a bigger
network I might be tempted to move part of the email system to the
DMZ.  My email system sits on one server.  If I had a front end email
server and a back end email server (or even more servers) I would
place on in the DMZ.  My AV server is on the internal network too.
> 3 a squid proxy that internal hosts access

I have no real world experience with this one BUT I would tend to
think you would place your proxy server on the inside of the network
behind the firewall.
>
Hope this helps.