Firewall Wizards mailing list archives
RE: Is it possible at all ...?
From: Johann van Duyn <johann.vanduyn () appleton com>
Date: Tue, 26 Sep 2000 00:36:12 +0200
I don't see why you need to be able to browse the DMZ... machines on a DMZ should be stand-alone servers, not NT domain members, and definitely not domain controllers. You should set up comms between the DMZ and the inside network in such a way that only the absolute, bare minimum of traffic is allowed to pass between the two in order to enable your applications to work.

Browsing the DMZ, and (horror of horrors!) having an NT domain controller on a DMZ, are NOT GOOD.

Yeah, I know... it makes managing the whole kaboodle a bit more of a schlepp, but nobody (except the salesman) ever said that good security would come easily. :-)

-----Original Message-----
From: Chris [mailto:puetzc () yahoo com]
Sent: 25 August 2000 23:21
To: firewall-wizards () nfr net
Subject: [fw-wiz] Is it possible at all ...?

I have my firewall hooked up. So far things are going not too bad. One problem I have is that I have all machines in one Windows NT domain even if they are on different IP networks. I'd like to set up the DMZ and the Inside as follows, so that the domain controllers can exchange information, browsing works, NT user authentication and all the typical NT Domain stuff work.

The firewall is a Cisco Pix. Is that possible at all? I opened ports 135,137,138,139 between the DMZ and the Inside but I do not get it to work?

Any help is appreciated!!

Chris

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
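
One way to check a rule set against the "bare minimum" advice in the reply above, as an added example that is not part of the original thread. The rule format, zone names, sample rules and the required flow (TCP 1433) are constructed assumptions and are not PIX syntax.

```python
# Added example: audit DMZ<->inside permits against an explicit allowlist.
# Rule format, zone names and sample data are constructed for illustration.
from typing import NamedTuple

# Ports named in the thread: RPC endpoint mapper (135) and NetBIOS (137-139).
NT_DOMAIN_PORTS = {135, 137, 138, 139}

class Rule(NamedTuple):
    action: str
    proto: str
    src: str
    dst: str
    ports: range

def parse_rule(line: str) -> Rule:
    """Parse 'permit tcp dmz inside 137-139' (hypothetical format)."""
    action, proto, src, dst, spec = line.split()
    if spec == "any":
        return Rule(action, proto, src, dst, range(0, 65536))
    lo, _, hi = spec.partition("-")
    return Rule(action, proto, src, dst, range(int(lo), int(hi or lo) + 1))

def audit(lines, required):
    """Return (rule_line, reasons) for risky permits between DMZ and inside.

    `required` holds the (proto, src, dst, port) flows the applications need.
    """
    findings = []
    for line in lines:
        r = parse_rule(line)
        if r.action != "permit" or {r.src, r.dst} != {"dmz", "inside"}:
            continue  # only permits crossing the DMZ/inside boundary matter here
        reasons = []
        nt = sorted(NT_DOMAIN_PORTS.intersection(r.ports))
        if nt:
            reasons.append(f"NT domain/browsing ports allowed: {nt}")
        extra = sum((r.proto, r.src, r.dst, p) not in required for p in r.ports)
        if extra:
            reasons.append(f"{extra} port(s) beyond the required flows")
        if reasons:
            findings.append((line, reasons))
    return findings

# Constructed sample: one required application flow, the rest are excess.
REQUIRED = {("tcp", "dmz", "inside", 1433)}
SAMPLE_RULES = ["permit tcp dmz inside 1433", "permit tcp dmz inside 135",
                "permit udp dmz inside 137-138", "permit tcp inside dmz any",
                "permit tcp outside dmz 80", "deny tcp dmz inside 139"]
```

Calling `audit(SAMPLE_RULES, REQUIRED)` leaves the single required flow alone and reports the three permits that expose NT domain ports or exceed the allowlist.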
Current thread:
- RE: Is it possible at all ...? Johann van Duyn (Sep 25)