Hello all, I'm considering the idea of allowing two incoming services through my firewall (FireWall-1): (1) a newsfeed from a well-known machine at my ISP (PSINet), straight to my news server; (2) email from anywhere to my mail server, but using FireWall-1 SMTP "security server"; this intercepts the connection and acts like an SMTP proxy, so that there's never a direct incoming connection to the internal server. So far I haven't though about moving these services to a DMZ, because in case (1) I allow in just one IP address which I would consider "trusted", and in case (2) I'm using an application proxy to protect my mail server. I'd like to hear your opinion on this configuration; would the (possibly) better security worth the extra costs and efforts of setting up a DMZ for those services? Regards, Riccardo
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:43:42 PDT