Sri Kanda wrote:
>
> Group,
>
> I'm working on a DMZ setup for Internet
> connectivity. Below is my proposed Internet setup, in
> that I would like to connect a device between my
> firewall (webshield) external interface and ISP. Since
> my ISP is in the same building I can plug in to it with
> an Ethernet. This device should hide my external
> interface of the f/w to the outside world.

But it exposes the outside interface of the new device so hackers will just
go after it instead, probably with the same negative results.

You mentioned a 2621. Those aren't very fast routers. It could impede
performance, especially if you add lots of access control lists.

It's a good question really. How many layers of security do you add to your
perimeter and do layers really help? What are the advantages and
disadvantages of "double locking the front door" and what are some good ways
to accomplish this?

Priscilla

>
> ISP
> |
> |
> |
> --------------------------------------
> Device to hide external f/w interface |
> --------------------------------------
> |
> |
> |
> ---------
> Firewall |
> ---------
> |
> |
> |
> -------------
> Proxy Server |
> -------------
>
> I could think of L3 switch or Cisco 2611 router with
> 2 Ethernet, one to connect towards my firewall side
> (with some private IP address) and the other to
> connect ISP side with public IP.
>
> Would appreciate if you have better option than the
> proposed one.
>
> Thanks in Advance
>
> Best Regards,
> Srikanda
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=91447&t=91435