Re: External Network / Firewall Setup.

[lists () ninjafriendly com]

Quoting "Ivan ." <ivanhec () gmail com>:

> > I'm wary of a single point of failure.
> Everything you listed in your diagram is a single point of failure? If
> you want redundancy you would start at the router, make it a HA pair,
> 2 switches, the FW a HA pair, 2 switches and the last FW a HA pair and
> 2 more switches. Sorry, I couldn't be bother doing a ascii diag for
> you.
Sorry, I should have been more clear - I mean failure in terms of a 
compromised
firewall allowing access to the internal lan.  I'm aware that if part of my
plan  breaks it knocks out connectivity for the lot.  Redundancy would be good
to have, but we may not be able to afford it.

> If you go the PIX route the second in a HA pair is half price. Also
> take a look at Netscreen's, good value.

Good to know

> > Should I use the DMZ mailserver simply as a relay for an internal 
> > mailserver?
> yes, for sure
> contact me off list if you want a quick and dirty diag
>
> cheers
> Ivan