Basic setup of DMZ (IP address allocations to different components)

Posted on 2004-11-24
Last Modified: 2010-07-27
I want to setup a DMZ for the first time using ISA 2004 for a webserver. It will be a trihomed DMZ and what I need help with is the IP address allocations.
Say we have been assigned the following public IP address block - /
Now the routers Ip address is
On the internet side, the firewall's NIC will be
Then do I make the IP of the NIC on the DMZ side and then the Webserver in the DMZ will have the IP
The firewall NIC on the LAN side will have the IP and every other Server/PC on the LAN will follow in this range (

So my main question is, is this break down correct or should the IP address allocations for the DMZ part be different, and if different what should it be for the DMZ and the Webserver.

Much appreciate the help
Question by:mailnovice
    1 Comment
    LVL 9

    Accepted Solution

    For a tri-homed dmz your exactly correct. Your DMZ is public, therefore it the firewall's DMZ NIC and all machines in the DMZ will utilize external IP addresses within your provided range. Your correct with all your statements.

    Here is a good link that explains it for ISA "Tri-homed" section is of interest to you.

    Hope it helps

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
    Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now