Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DMZ Archtecture - Using public address space vs. using Private Ad dress space and NAT

From: m p <sumirati () yahoo de>
Date: Thu, 2 Aug 2001 19:44:40 +0200 (CEST)

 --- "Stapleton, Bernard (Australia)" <bernard_stapleton () exchange au ml com>
schrieb: > Everyone,


We have started an interesting conversation at work at the moment, regarding
whether to use public address space in our DMZs.

The idea of using public address space has its pros and cons.

Pro:

No address conflict with connecting to external partners. They can route
this space internally and so can you, without fear of conflict with another
party.
No need for address translation / simplification of management
Ease of passing protocols that are difficult to firewall

Cons

Security risk if firewall host still routes if firewall software shutdown
More complex management

I was wondering if anyone on this list has anything to say about this topic?
I would like to know what people might be doing internally themselves, and
why they came to that decision.

Thanks

Berny




Hi,

i can not told you much about a pros and cons. It is basicly my point of view.

But: There is one logical problem in your mail:

Pros:
simplification of management (as one point)

Cons:
More complex management

What managment do you mean in which case? Or do you mean in both cases the same
kind of managment?

Just my two cents.

marc

__________________________________________________________________
Do You Yahoo!?
Gesendet von Yahoo! Mail - http://mail.yahoo.de
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: