---------- Forwarded message ----------
From: Mark Wass <mark dot wass at market dash analyst dot com>
>> So like this Chris, is this correct?
Yes. It could also be more than just three. Depends on your needs. I
think I read where somehwere on this list, someone posted using 6 or 8
>> And the IP of the LAN interface on MonoWall1 is 220.127.116.11 /24
>> Will I still be able to access the servers in the DMZ from the Private LAN?
Yes and No. The No answer is listed in the documentation and has been
asked a hundred times. I don't remember off-hand the reason, except
no. However, If you run your own internal secondary DNS, then Yes.
While our servers are public to the internet, I have 1:1 NAT setup to
each server on DMZ. For LAN clients needing to get to DMZ or LAN
servers, I added a Host name in the internal DNS
>> Will I still be able to NAT to servers in the Private LAN from the
>> Will I still be able to NAT to servers in the DMZ from the Internet?
>> Does having 2 MonoWalls setup like in my first picture make anything
any more secure? Personally I think it makes thing more complex than
Layers always add security. But from what I have read, whether you had
11 or 10 inline firewalls, a hack coming in on port 80 will always get
in. It's just as important to make sure the server is secure...in a a
"very" small nutshell.