[TriLUG] [OT] using public IP addresses or private addresses for the DMZ
Heath Roberts
htroberts at gmail.com
Mon Jul 11 11:36:25 EDT 2011
On Fri, Jul 8, 2011 at 4:01 PM, Chris Bullock <cgbullock at yahoo.com> wrote:
I spent the day meeting with a security consultant regarding our current
> network. They kindly reprimanded me for the way I have my DMZ vs what he
> called
> best practices. I shouldn't be questioning their opinions since I am
> probably
> going to pay them to redo my work but I have the following question
> regarding
> DMZ placement. I would like the opinion to see what a majority of the
> people
> think and why. Here are the 2 options.
>
> I have some public IP addresses provided by my ISPs. I have lets say 6
> servers
> I need on my DMZ.
> Do I:
> 1. Give the servers Public IP addresses and create a DMZ interface on my
> firewall
> or
> 2. put the public IP addresses on my external interface, and put the
> servers in
> private IP space in a DMZ, off of a DMZ interface on the firewall.
>
More information about the TriLUG
mailing list