Security Basics mailing list archives

Firewalls and PCI


From: "Josh Haft" <pacmansyu () gmail com>
Date: Tue, 15 Jan 2008 15:56:53 -0600

Hello all,

Please consider the following scenario with respect to a) PCI
compliance, b) best practice, and c) your own personal
experiences/implementations.

Have been requested by a client to implement separate, physical
firewalls between our various networks. Currently, we have one
physical firewall with interfaces to a public network (after a quick
pass through a router), a LAN, a DMZ, and another network which houses
our database servers. These are all on separate networks, and run
through separate physical switches.

The client wants another physical firewall between each subnet. The
new configuration as I see it would have the 'main' firewall NAT'ing
and passing traffic from the public network to the DMZ, and to two
additional firewalls. Behind those firewalls would be a LAN and the
separate 'database network', respectively.

In our ever-ending quest to bend over for every client, cost (within
reason) is not an issue, so disregard that aspect. Comments,
questions, and concerns as they relate to this issue would be greatly
appreciated.

Thanks!
Josh

