dmz

jas0n · Dec 12, 2004

is there a need or benefit to have a dmz setup on a different subnet mask to
the rest of the network?

the main network is setup with 255.255.240.0 mask with a different subnet
for each site, the dmz is setup as 255.255.255.0 with the poor choice of
192.168.0.x network (im saying poor choice as its the default network of
many home lans)

Phillip Windell · Dec 12, 2004

It doen't sound like you have a DMZ to begin with.

DMZs, all types, are always completely separate and distinct subnets

Tri-Homed DMZs are always publicly registered IP#s.

Back-to-Back DMZs can be either public or private IP#s although using
private IP#s makes it more limited in capabilty and the use of publicly
registered IP#s is recommended.

Herb Martin · Dec 12, 2004

jas0n said:
is there a need or benefit to have a dmz setup on a different subnet mask to
the rest of the network?

No, and in fact the subnet mask is completely
unrelated to the (purposes of the) DMZ.

The subnet mask must however be appropriate
and correct to whatever network and subnet
scheme you use.

the main network is setup with 255.255.240.0 mask with a different subnet
for each site, the dmz is setup as 255.255.255.0 with the poor choice of
192.168.0.x network (im saying poor choice as its the default network of
many home lans)

A common DMZ design looks something like this.

Internet---OuterFirewall/Router---DMZ---InnerFirewallRouter--InnerNetwork
[/QUOTE]

Steven L Umbach · Dec 12, 2004

No rest for the wicked hmm? --- Steve

Phillip Windell said:
--
Phillip Windell
[At Home]
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

jas0n said:

is there a need or benefit to have a dmz setup on a different subnet mask
to
the rest of the network?

the main network is setup with 255.255.240.0 mask with a different subnet
for each site, the dmz is setup as 255.255.255.0 with the poor choice of
192.168.0.x network (im saying poor choice as its the default network of
many home lans)

Click to expand...

Phillip Windell · Dec 27, 2004

It's like an addiction,...I need therapy...

--
Phillip Windell
[At Home]

Steven L Umbach said:
No rest for the wicked hmm? --- Steve

Phillip Windell said:

--
Phillip Windell
[At Home]
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

jas0n said:

is there a need or benefit to have a dmz setup on a different subnet
mask to
the rest of the network?

the main network is setup with 255.255.240.0 mask with a different
subnet
for each site, the dmz is setup as 255.255.255.0 with the poor choice of
192.168.0.x network (im saying poor choice as its the default network of
many home lans)

Click to expand...

Click to expand...

Steve Riley [MSFT] · Dec 27, 2004

May I suggest news.addiction.i.cant.help.myself.please.make.me.stop.posting.now

--Steve

It's like an addiction,...I need therapy...

No rest for the wicked hmm? --- Steve

--
Phillip Windell
[At Home]
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

is there a need or benefit to have a dmz setup on a different
subnet
mask to
the rest of the network?
the main network is setup with 255.255.240.0 mask with a different
subnet
for each site, the dmz is setup as 255.255.255.0 with the poor
choice of
192.168.0.x network (im saying poor choice as its the default
network of
many home lans)

Click to expand...

Click to expand...

dmz

jas0n

Phillip Windell

Herb Martin

Steven L Umbach

Phillip Windell

Steve Riley [MSFT]