
| reply to imp$
Re: The Webcast First off - many thanks danielrm26 for making the time to give such a clear & thoro' explanation, and to others for your contribs.
Looking at the transcript of the webcast, much of the 2 hours of it is taken up with Q&A. Most (tho not all) of that is highly ISA-specific.
So try downloading the (excellent) PPT show & the transcript before you do the streaming video. (Unless your social life has suddenly died).  -- If you're not confused yet, I'll carry on......... [text was edited by author 2002-07-12 11:54:04] |
|
 rtoday join:2000-11-05 California | reply to Daniel
Re: DMZ Basics (revised)... Thank you! A worthy thread if there ever was one. |
|
 gt7697cPremium join:2001-02-16 The Hive | reply to Daniel Would this setup work:
WAN to DSL Modem
DSL Modem to DMZ Router Switch Combo
DMZ Router Switch 1 port to Web/FTP/Game Server
DMZ Router Switch Combo 1 port to Internal Router Switch Combo
Internal Router Switch to rest of systems????????
Or do I need to drink some more coffee.;) -- Just my 2 bits. |
|
 DanielPremium,MVM join:2000-06-26 San Francisco, CA | reply to Daniel That configuration will work fine, but you won't have a DMZ.
All of your machines in your mentioned configuration are in your DMZ. If you have a switch in your DMZ, and you connect a second switch to it, everything connected to the second switch is on the same network as the first; rather than having two networks you just have one.
This is why you need two firewalls. You are using two switches; it's not the same.
 -- "Opportunities multiply as they are seized." - Sun Tzu |
|
 gt7697cPremium join:2001-02-16 The Hive | Hmmm.....I agree with that if it was just plain switches. However, by Router Switch combo I mean Cable/DSL Router with built in switch. (Like Netgear, Linksys, etc....)
Will that work?????? -- Just my 2 bits. |
|
 DanielPremium,MVM join:2000-06-26 San Francisco, CA | reply to Daniel That isn't your problem; the problem is the second switch. You are going from your DMZ switch to another switch, which is not a separate network.
You need to go from your DMZ switch to a firewall, not to another switch. On the other side of your firewall you go to your internal switch, and then to your internal systems.
 -- "Opportunities multiply as they are seized." - Sun Tzu |
|
 DanielPremium,MVM join:2000-06-26 San Francisco, CA | reply to Daniel Ok, we got this figured out.
The second switch is a router as well as a switch, so this will work. I thought it was just a regular switch.
I should have read it better.
 -- "Opportunities multiply as they are seized." - Sun Tzu |
|
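The two readings of the setup discussed above, modelled as an added example that is not part of any post in the thread: it groups cabled endpoints into layer-2 segments and checks whether the internal PC lands on the same segment as the DMZ server. Device names are hypothetical, and a router/switch combo is assumed to bridge only its LAN ports and to act as the boundary between its WAN and LAN sides.

```python
from collections import defaultdict

def segments(links):
    """Group endpoints into layer-2 segments (broadcast domains).

    An endpoint is 'device' or 'device:side'. A host or plain switch is a
    single endpoint because all of its ports are bridged. A router/firewall
    exposes 'x:wan' and 'x:lan', which are never merged (assumption).
    """
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    for a, b in links:                      # a cable joins two endpoints
        parent[find(a)] = find(b)

    groups = defaultdict(set)
    for x in list(parent):
        groups[find(x)].add(x)
    return list(groups.values())

def shares_segment(links, a, b):
    """True if a and b sit on the same layer-2 segment."""
    return any(a in s and b in s for s in segments(links))

# Constructed topologies; names are hypothetical.
COMMON = [("modem", "dmz_rtr:wan"), ("dmz_rtr:lan", "server")]

# Reading 1: the second device is a plain switch.
PLAIN_SWITCH = COMMON + [("dmz_rtr:lan", "inner_switch"),
                         ("inner_switch", "pc")]

# Reading 2: the second device is a router with a built-in switch.
ROUTER_COMBO = COMMON + [("dmz_rtr:lan", "inner_rtr:wan"),
                         ("inner_rtr:lan", "pc")]

if __name__ == "__main__":
    for name, topo in (("plain switch", PLAIN_SWITCH),
                       ("router combo", ROUTER_COMBO)):
        same = shares_segment(topo, "server", "pc")
        print(f"{name}: PC shares the server's network = {same}")
```

With the plain switch the PC and the server fall into one segment, so there is no separate internal network; with the router combo the server's segment ends at the inner router's WAN port.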
 DanielPremium,MVM join:2000-06-26 San Francisco, CA | reply to Daniel Ok, I just watched the Microsoft presentation over perimeter networks (posted above) in its entirety. One thing struck me as being strange, and I am hoping someone can help me out with it.
The presenter stated multiple times and was quite adamant about the fact that public IP addresses should be used for the DMZ network, and not NAT'd private addresses.
This seems strange to me. While I see that it wouldn't be horrible to do this if you have the addresses to spare, why not NAT the DMZ and make use of NAT's 'firewalling' feature of dropping unsolicited connections? -- "Opportunities multiply as they are seized." - Sun Tzu |
|
 gt7697cPremium join:2001-02-16 The Hive | It's M$ they can't spy on what they can't see.;) -- Just my 2 bits. |
|
 | reply to Daniel Great Read ..and freakishly easy to understand .. finally got me a dslreports login heh.. talk to you later man. -- Charlie |
|
 DanielPremium,MVM join:2000-06-26 San Francisco, CA | Nice to have you on board, bro.

I look forward to seeing you post. -- "Opportunities multiply as they are seized." - Sun Tzu |
|