GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: DMZ setup ISP side device posted 08/02/2004
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


At 10:36 PM -0700 8/1/04, Sri Kanda wrote:
Group,

I'm working on a DMZ setup for Internet connectivity.
Below is my proposed Internet setup, in that I would
like to connect a device between my firewall
(webshield) external interface and ISP. Since my ISP
is in the same building I can plug in to it with an
Ethernet. This device should hide my external
interface of the f/w to the outside world.'

I don't understand what problem you are trying to solve. If you hide the outside interface of your firewall from the outside world, even if you were initiating all transactions from the inside going out, how would the response find its way back?



ISP | | | -------------------------------------- Device to hide external f/w interface | -------------------------------------- | | | --------- Firewall | --------- | | | ------------- Proxy Server | -------------

I could think of L3 switch or Cisco 2611 router with 2
Ethernet, one to connect towards my firewall side
(with  some private IP address) and the other to
connect ISP side with public IP.

Would appreciate if you have better option than the
proposed one.

Thanks in Advance

Best Regards,
Srikanda




__________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail

_______________________________________________________________________
Please help support GroupStudy by purchasing your study materials from:
http://shop.groupstudy.com

Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html