
Security Basics mailing list archives
DMZ - Question
From: hol64 () hotmail com
Date: 26 Oct 2007 15:41:02 -0000
I have to set up a DMZ on our network. Our current layout is:

Internet Router <--> Firewall <--> WAN/LAN Router <--> Servers

The idea is to set up a back-to-back DMZ or Dual Firewall DMZ, so the topology would be like this:

Internet Router --> FW-1 <--> DMZ <--> FW-2 <--> WAN/LAN router

On the DMZ we will have a Web Server that needs access back to the Mainframe on the LAN, and a Mail server that needs access to another mail server on the LAN.

One of my questions: the DMZ is in a /24 subnet and the LAN is on a /16 subnet. Is the only way for the web server in the DMZ to communicate with the inside LAN by NATting in the FW-2? Isn't this creating a double subnet from the outside?

I am working with 2 PIX firewalls, and I am hoping to change FW-2 to a different brand that has stateful inspection.

Please advise,
Thanks,
Pablo