Status
Not open for further replies.
I would rearrange as follows:

firewall1
**** web servers behind firewall with port forwarding not in a dmz
firewall2
**** unsecured lan
firewall3
**** secured lan


This is assuming a single WAN link.

Some will bring in a second wan link for just the web servers. Web servers have two nics with one going to the web and the other going to the corp network via a firewall for administration purposes.

You have no need for VLANs or subnets beyond the three behind each firewall. Internal servers should be in the secured LAN.

If you want to monitor getting hacked, consider setting up a honeypot:

firewall1
**** DMZ Honeypot
**** web servers behind firewall with port forwarding not in a dmz
firewall2
**** unsecured lan
firewall3
**** secured lan
 