Tuesday, October 30, 2018

DMZ Dual NICs best practice

Hello All,

From reading a few design documents, my understanding is that a DMZ should ideally have two NICs inside each reverse proxy, with one pointing towards the outside untrusted network and the other pointing towards the internal firewall, each on a different logical segment.

It appears there is information from SANS and other vendors such as Microsoft around following this advice. Can anyone provide the best in security by following this approach?

Internet <----> OUTSIDEFW <-----> OUTSIDE VLAN <-----NIC1> Reverse Proxy <NIC2-----> INSIDE VLAN <-----> INSIDEFW <----> LAN

Thanks


