Wednesday, October 3, 2018

DMZ design

Hello Gents and ladies

This topic has probably been done to death, but I'm curious as to how a "typical" DMZ design is done. When I say typical, I would like to think of the standard way across enterprises, with minor deviation.

For background, my current org does it in a way I haven't seen in some time.

Hosts sit in the DMZ zone with one NIC. The default gateway is the firewall. If these hosts want to talk to inside hosts, then they connect to a DMZ NAT IP address. Which, OK... is fine.

So every time these DMZ'd hosts want to connect to any inside IP (for NTP, syslog, FTP...) we need to create a DMZ NAT so the hosts appear to be just targeting another host within the same DMZ.

I'm just used to a dual-NIC DMZ machine protected on each NIC by a firewall.

What are your designs?


