Firewall Wizards mailing list archives
placement of AG vs SPF
From: Woody Weaver <woody () wiltelnsi com>
Date: Fri, 18 Sep 1998 11:18:13 -0700
Lets suppose we have the following sort of network compartmentalization: /- net 1 Internet --- Firewall --- (inter-firewall segment) --- Firewall - net 2... / | \ | \- net N DMZ services Bastion services DMZ services are public, you mostly want to keep them from crashing; no significant data will reside there (they'd be refreshed from inside on a regular basis). Bastion services include authentication, logging, and pass through to internal data bases. Inside the second firewall are users, protected internal servers, etc. Lets say you are a belts-and-suspenders sort of guy, and believe that two separate firewall technologies should be used, so you decide that one firewall will be a "mostly application gateway" firewall (sometimes called a proxy... :) ) and the other will be a "mostly stateful packet filter" firewall. If the specific product matters, lets say one is going to be Gauntlet, and the other Checkpoint's FW1. Which would you put on the outside as the screening firewall, and which on the inside as the internal firewall, and why? Does the specific product matter, or is the reasoning based upon AG vs SPF? --woody -- Robert Wooddell Weaver email: woody () wiltelnsi com Network Engineer voice: 510.358.3972 Williams Communication Data Group pager: 510.702.4334
Current thread:
- placement of AG vs SPF Woody Weaver (Sep 19)
- <Possible follow-ups>
- Re: placement of AG vs SPF Rodney van den Oever (Sep 20)
- RE: placement of AG vs SPF Stout, Bill (Sep 21)