Question on network setup (simple question)

Posted on 2004-11-26
Last Modified: 2010-04-11
Simple question:

Say you have a network like this:

DMZ (www server, mail server etc)
Internal Clients

What would the default gateway be for the internal clients? One of the interfaces on the firewall? Or do companies throw a router on the internal side?

Question by:dissolved
    LVL 12

    Accepted Solution

    The default gateway for the internal clients would be whatever device would be the next hop to the Internet; as per the above diagram, the closest Firewall to the LAN. Now, whether the Firewall can actually act as a router is dependent upon the Firewall type used. In any case, the Firewall is going to filter packets based on rules and forward them to the next hop; this can be either through a built-in router or static routes from one interface to another (inside to outside; or in the above diagram the DMZ).
    LVL 6

    Expert Comment

    What machine is giving out IPs?
    Is it one of the servers or one of the devices?
    LVL 18

    Assisted Solution

    The inside firewall in your drawing should be the default gateway.
    The default gateway is any device that knows where to send traffic not destined for the local network. In your drawing it is the only device on the local network, and therefore the only one the internal clients would know how to communicate with.

    Author Comment

    Thanks guys. Is this a typical setup for companies? To have the firewall as the gateway for their internal clients. Just wondering if companies do this, or buy a second router for internal clients. I guess you could use a layer 3 switch too...
    LVL 79

    Assisted Solution

    >What would the default gateway be for the internal clients? One of the interfaces on the firewall? Or do companies throw a router on the internal side?
    The default would have to be the firewall, but if there are any VLANs or other subnets, or private WAN connections, then there is typically another router on the inside. The problem with using the firewall as the gateway lies in its inability to redirect packets to a different inside host. Routers do this by default, most firewalls do not (certainly not PIX), so it can sometimes be problematic without another inside router or L3 switch.
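
The trade-off described in this answer, modelled as an added example that is not part of the original thread: it compares using the firewall versus an inside router as the clients' default gateway and flags destinations that would need the firewall to send traffic back out its inside interface. All addresses, subnets and the `path`/`audit` helpers are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the thread).
CLIENT_NET = ipaddress.ip_network("10.1.1.0/24")     # internal clients
FIREWALL_INSIDE = ipaddress.ip_address("10.1.1.1")   # firewall inside interface
INSIDE_ROUTER = ipaddress.ip_address("10.1.1.254")   # inside router / L3 switch
# Other inside subnets (VLANs, private WAN) reachable only via the inside router.
INSIDE_ROUTES = [ipaddress.ip_network("10.1.2.0/24"),
                 ipaddress.ip_network("172.16.0.0/16")]

def path(dst, default_gw):
    """Return (hops, needs_redirect) for a packet sent by an internal client.

    needs_redirect is True when the firewall would have to forward the packet
    back out the interface it arrived on to reach another inside device.
    """
    dst = ipaddress.ip_address(dst)
    if dst in CLIENT_NET:
        return ["direct"], False              # same subnet: no gateway involved
    behind_router = any(dst in net for net in INSIDE_ROUTES)
    if default_gw == FIREWALL_INSIDE:
        if behind_router:
            # Firewall receives the packet but the next hop is on the same LAN.
            return ["firewall", "inside-router"], True
        return ["firewall"], False
    # Clients point at the inside router, whose default route is the firewall.
    if behind_router:
        return ["inside-router"], False
    return ["inside-router", "firewall"], False

def audit(default_gw, destinations):
    """Destinations that only work if the firewall redirects on one interface."""
    return [d for d in destinations if path(d, default_gw)[1]]

# Constructed sample destinations: local host, two inside subnets, one external.
DESTS = ["10.1.1.50", "10.1.2.20", "172.16.5.9", "198.51.100.7"]

if __name__ == "__main__":
    for gw in (FIREWALL_INSIDE, INSIDE_ROUTER):
        print(f"default gateway {gw}:")
        for d in DESTS:
            hops, redirect = path(d, gw)
            note = "  <- needs same-interface redirect" if redirect else ""
            print(f"  {d:<14} {' -> '.join(hops)}{note}")
```
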

    Author Comment

    Thanks lrmoore. All I needed to know.
