From my understanding of best practice topologies, a network should basically mimic the model of
[Users -- TrustedRouter -- FW/DMZ + PublicFacing Servers -- PerimeterRouter -- WWW]
Where the FW is basically blocking all incoming traffic wanting into the trusted network unless requested first.
Are there any pros to allowing the FW to forward almost unwarranted incoming traffic to the trusted network where all the users have public IP addresses?
EDIT: And by users, I mean hundreds of everyday devices, that at minimum have basic out-of-the-box Windows 7/10 firewall enabled and Microsoft SCEP.