Hello!
I'm looking at this diagram which, when simplified, looks like this:
internet --- router --- firewall --- DMZ (dns,web,email,proxy) --- firewall ---- LAN
My questions:
1. Is the router properly placed, sitting between the internet and firewall? Isn't it supposed to be behind the firewall?
2. Is this setup secure?
3. Are the services within the DMZ supposed to be there?
Thanks!
The setup you have is pretty normal if the router does something useful, like link failover, link sharing or load balancing, but in this case it does not seem to.
A fairly standard setup is to have the first device as a routing firewall or gateway device (www.ebox-platform.com) that routes and filters in the same box, with a DMZ network off of the gateway and then an internal network. This uses fewer boxes, but you have to be very careful with the routing and firewall rules.
Another common setup is to have the firewall, then the router, with the router routing incoming packets as needed to the DMZ devices (usually port forwarding), and the other packets going to the other firewall and then to the internal LAN.
-jeff
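
The single routing firewall with a DMZ leg and an internal leg that the reply describes, written out as an nftables forward policy. This is an added example, not part of the original thread; the interface names, the 192.0.2.x addresses and the proxy port 3128 are assumptions chosen for illustration.

```nft
#!/usr/sbin/nft -f
# Added example: one gateway box with three legs (internet, DMZ, LAN).
# Interface names, addresses and ports below are constructed assumptions.
flush ruleset

define WAN = "wan0"
define DMZ = "dmz0"
define LAN = "lan0"
define DMZ_DNS   = 192.0.2.10
define DMZ_WEB   = 192.0.2.20
define DMZ_MAIL  = 192.0.2.30
define DMZ_PROXY = 192.0.2.40

table inet gateway {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that an accept rule below already allowed
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the published service on each host
        iifname $WAN oifname $DMZ ip daddr $DMZ_DNS meta l4proto { tcp, udp } th dport 53 accept
        iifname $WAN oifname $DMZ ip daddr $DMZ_WEB tcp dport { 80, 443 } accept
        iifname $WAN oifname $DMZ ip daddr $DMZ_MAIL tcp dport 25 accept

        # LAN -> DMZ: clients reach the outside through the DMZ services
        iifname $LAN oifname $DMZ ip daddr $DMZ_PROXY tcp dport 3128 accept
        iifname $LAN oifname $DMZ ip daddr $DMZ_DNS meta l4proto { tcp, udp } th dport 53 accept
        iifname $LAN oifname $DMZ ip daddr $DMZ_MAIL tcp dport { 587, 993 } accept

        # DMZ -> internet: only what each server needs to do its job
        iifname $DMZ oifname $WAN ip saddr $DMZ_DNS meta l4proto { tcp, udp } th dport 53 accept
        iifname $DMZ oifname $WAN ip saddr $DMZ_MAIL tcp dport 25 accept
        iifname $DMZ oifname $WAN ip saddr $DMZ_PROXY tcp dport { 80, 443 } accept

        # No new connections into the LAN from the internet or the DMZ;
        # log them so a compromised DMZ host probing inward is visible
        iifname { $WAN, $DMZ } oifname $LAN log prefix "to-lan-drop: " drop
    }
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        iifname $LAN tcp dport 22 accept   # management from the LAN only
    }
}
```

The default-drop forward chain is what keeps the single-box layout safe: a forgotten rule blocks traffic instead of opening a path from the DMZ to the LAN.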