Firewall Wizards mailing list archives
Re: muliple firewall design
From: Magosányi Árpád <mag () bunuel tii matav hu>
Date: Sat, 23 Sep 2000 22:01:25 +0200
My mailer thinks that k c wrote the following:
> inet -- router -- FW -- DMZ -- FW -- internal net
> firewalls would not be from the same vendor. where do i put the dialin users for the best and most secure fit ? into the dmz or off a 3rd nic on the inside
I would put them on a separate leg of the inside firewall. It directly comes from the domain separation principle (separate systems should be separated), and if you think a bit about the meaning and purpose of life and DMZ.
> firewall. the dialin users are coming into a cisco router and auth against a Radius server. we're a big M$ shop except for all the important things like firewalls and dns.
<offtopic> Once upon a time we also have been an M$ shop. Maybe the bosses on the upper levels think we are still one:) </offtopic>
> i'm looking to poke holes or throw some ideas around. maybe we keep the single FW scheme and hang the remote access users off a 4th nic on the firewall ? maybe. but i'm not all too thrilled with that scenario.
Having more than 2 legs of a firewall is the outcome of a cost-reduction transformation: you transform the fw1-dmz-fw2 setup such that fw1=fw2. But you don't have to do that for all costs:)
--
GNU GPL: only from a clean source