Firewall Wizards mailing list archives

DMZ Routing Question


From: "FW Mailinglist" <fwlist2008 () gmail com>
Date: Thu, 27 Nov 2008 14:07:29 -0800

All,
I have searched the archives a bit, but haven't found what I am looking for.
I am implementing a new DMZ design and wanted to get back what the common
consensus is on routing. I am deploying a typical sandwich design - Outside
Firewall -> DMZ Networks <- Inside Firewall.

The switches in the DMZ are Cisco 6509E's with SUP 720's. The inside and
outside firewalls are both ASA 5550's in Active/passive.

My thought is that I'll create VLANs in the DMZ for the web, DB, and mail
networks and use the Sup720s as the default gateway. I planned on using PBR
(hardware in the 6K) based on the source and destination networks to direct
the traffic to appropriate firewalls. My other thought is to haul all of the
DMZ traffic into the Outside firewall and allow it to handle the routing...

Any thoughts on a preferred method?

Thanks!

Joe