Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1436
  • Last Modified:

Is DMZ suppose to be in trust-zone or in untrust-zone?

We're trying to use a DMZ for our servers, but my network guy has setup the DMZ in a trust-zone. But to my understanding, a DMZ should be in untrust-zone and then we should control the traffic between DMZ and the trust zone.

Can you please tell me which one is correct? (Trust zone or untrust zone?)

And if it is in trust zone, why?
0
SW111
Asked:
SW111
  • 2
  • 2
1 Solution
 
blissbearCommented:
DMZ is usually implimented to allow all access to an IP address without any firewall or filtering or translation rules.  Basically anything that accesses your firewall that isn't assigned a translation rule will be forwarded to the DMZ address.  This is useful for monitoring all access to your firewall that isn't normal.
0
 
SW111Author Commented:
Hello. DOesnt exactly answer my question:
1. is it supposed to be in trust zone or untrust zone?
2. if trust zone, why?

I just realized that I might be using a juniper-specific term because I'm using Juniper SSG for my firewall. (But I suspect the concept is all the same).
0
 
blissbearCommented:
Personally I would put the target machine you are using for DMZ in an untrusted zone so it doesn't have access to your LAN.

If you are not dedicating an individual server to the DMZ, I wouldn't bother implimenting it, as the risks to your network are increased.
0
 
SW111Author Commented:
Thanks. It seems logical to me, but my network guy says that juniper manual seems to have other ideas. We do have dedicated servers for servicing customers via internet, which I think should be in the DMZ.
Thanks Again for your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now