View Single Post
  #4   (View Single Post)  
Old 17th September 2011
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,188
Default

More on routing:

{internet} - [Firewall A] - DMZ Web servers 10.1.1/24 - [Firewall B] - DBs and Users 192.168.1/24

Firewall A also needs a route to the inner subnet, not just the DMZ servers. That's if Firewall B is not using NAT -- it typically would not be. If Firewall B is using NAT, however, then the inner subnet's traffic is all translated into Firewall B's address on the 10.1.1 network.

Isn't networking fun? There are so many things to misconfigure.
Reply With Quote