11.1. DMZ Network Design
Traditionally, the DMZ network design was done at the router level. A separate interface was added to the router, and a network segment was set aside strictly for the public servers. This network segment is connected directly through a router interface, and none of the traffic destined for the servers is routed through the firewall (Figure 11.1).
Figure 11.1. A traditional DMZ design: The DMZ network terminates at the router, and none of the DMZ servers are protected by the firewall
The problem with this traditional design is that it does not adequately take into account the security needs for these public servers. ...
Get The Practice of Network Security: Deployment Strategies for Production Environments now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.