Solved

Is DMZ suppose to be in trust-zone or in untrust-zone?

Posted on 2009-04-04
4
1,311 Views
Last Modified: 2012-05-06
We're trying to use a DMZ for our servers, but my network guy has setup the DMZ in a trust-zone. But to my understanding, a DMZ should be in untrust-zone and then we should control the traffic between DMZ and the trust zone.

Can you please tell me which one is correct? (Trust zone or untrust zone?)

And if it is in trust zone, why?
0
Comment
Question by:SW111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 4

Expert Comment

by:blissbear
ID: 24070127
DMZ is usually implimented to allow all access to an IP address without any firewall or filtering or translation rules.  Basically anything that accesses your firewall that isn't assigned a translation rule will be forwarded to the DMZ address.  This is useful for monitoring all access to your firewall that isn't normal.
0
 

Author Comment

by:SW111
ID: 24070138
Hello. DOesnt exactly answer my question:
1. is it supposed to be in trust zone or untrust zone?
2. if trust zone, why?

I just realized that I might be using a juniper-specific term because I'm using Juniper SSG for my firewall. (But I suspect the concept is all the same).
0
 
LVL 4

Accepted Solution

by:
blissbear earned 125 total points
ID: 24070168
Personally I would put the target machine you are using for DMZ in an untrusted zone so it doesn't have access to your LAN.

If you are not dedicating an individual server to the DMZ, I wouldn't bother implimenting it, as the risks to your network are increased.
0
 

Author Closing Comment

by:SW111
ID: 31566697
Thanks. It seems logical to me, but my network guy says that juniper manual seems to have other ideas. We do have dedicated servers for servicing customers via internet, which I think should be in the DMZ.
Thanks Again for your help.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question