|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Rob Collins (robtompc@yahoo.com)
Date: Thu Oct 04 2001 - 17:52:26 CDT
Just to be clear, the two different architectures are:
Basic firewall with DMZ network architecture;
INTERNET
|
LAN---o---DMZ
Dual firewall with DMZ network architecture;
INTERNET
|
o
|___DMZ
|
o
|
LAN
In both architectures, traffic from any one segment to
another must first pass a firewall. The difference,
so far as I see, is entirely in the shape of the rules
the firewall(s) use.
Maybe I'm not understanding 'layering'. What benefit
does putting the second firewall in provide? I see
complications (like an extra firewall), but no benefit
in making traffic destined for the intranet traverse
the DMZ.
--- Arlen Fletcher <Arlen.Fletcher@farm-credit.com>
wrote:
> It's a layered defense.
=====
--r
"Experience is that marvelous thing that enables you to recognize a mistake when you make it again." -- F. P. Jones
__________________________________________________
Do You Yahoo!?
NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]