Firewall Wizards mailing list archives

(no subject)


From: LazloCarreidas () netscape net
Date: Wed, 06 Nov 2002 07:02:09 -0500

Hi.

My company is considering installing two firewalls in series, i.e. to have
two layers of defense. We would use CheckPoint NG and Cisco PIX (we do not
use OpenSource, etc.)

Here are some key design points:
  * NG would be the first defense line, i.e. connected to the Internet.
    It will allow us to use CheckPoint VPN for external users, plus
    firewalling
  * PIX would be the second one.
    It will do the NATting, plus firewalling
  * We need DMZ capabilities
    To do that, we are considering several possibilities:
      - connect the DMZ to the NG only;
      - connect the DMZ to the PIX only;
      - have a "shared" DMZ, i.e. one based on two subnets (each
        connected to a firewall), and where some machines have dual
        interfaces (no routing between them, of course) when needed;
      - have two DMZes, each connected to a firewall.

I would like to have your comments on these proposals.

For example, we are wondering if having two layers of firewalls is really
more secure, even if less manageable.
We are also interested to know your experiences, the hidden culprits, the
obvious flaws, etc...

Thanks a lot to you...

  Lazló

