Designing a DMZ

cmiller
Level 1

How are DMZs usually designed? Are the systems in the DMZ usually given a private IP address and the outward bound interface(s) on the firewall are assigned multiple public IPs to correspond with the internal machines?

OR...

Do people assign public IP addresses to machines inside their DMZ and just use their firewall as a filter, not so much address translation?

Thanks!

-ee99ee (cmiller@intellithought.com)

2 Replies

steve.barlow
Level 7

Generally devices on the DMZ are given private IPs and the firewall will NAT for them. NAT is so common now and fast that it introduces no delay. You also always want to hide your internal addressing scheme. You will also want to NAT between your inside and the DMZ (again, hide the addressing as much as possible).

In the case of the PIX, it is assigned one public IP on the outside interface and then you apply static NAT to map the public IP to the server on the DMZ. The interface only has the one IP but will respond (i.e. accept and forward) to packets destined for those servers on the DMZ.

Hope it helps.

Steve
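
The layout described in the answer above, as an added configuration sketch that is not part of the original thread. It uses the pre-8.3 PIX/ASA command syntax; the interface names, the security levels, the access-list name `outside_in`, and every address (documentation and RFC 1918 ranges) are constructed for illustration.

```cisco
! Three interfaces: outside (least trusted), dmz, inside (most trusted)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50

! The firewall holds a single public address on its outside interface
ip address outside 203.0.113.2 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 192.168.50.1 255.255.255.0

! Static NAT: public 203.0.113.10 maps one-to-one to the DMZ web server.
! The firewall answers for 203.0.113.10 on the outside segment even though
! that address is not configured on any interface.
static (dmz,outside) 203.0.113.10 192.168.50.10 netmask 255.255.255.255 0 0

! A static alone passes nothing inbound: traffic from a lower to a higher
! security level also needs an explicit permit. Allow only the published
! service, addressed to the translated (public) IP.
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside

! Inside hosts are translated toward both the Internet and the DMZ, so the
! DMZ servers never see the internal addressing scheme.
nat (inside) 1 10.1.1.0 255.255.255.0 0 0
global (outside) 1 interface
global (dmz) 1 interface
```

Because no static or access-list entry exists from the DMZ toward the inside network, a server on the DMZ cannot open connections to inside hosts with this configuration.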

Thank you, that is exactly what I was wanting to know. Answers my question exactly! :-)

-ee99ee (cmiller@intellithought.com)