My configuration is a router and firewall, with a private network and a DMZ hanging off the firewall.
1) Both the firewall and the router can do firewall and NAT capabilities. How do split up the services? Or do I make them redundant? For example, I can block internal IP addresses at either place. Which makes the most sense? I see there is a trade-off inoffloading one device that will lead to more load on the other. 2) Should I use internal IP addresses in the DMZ and NAT them at the router or use public addresses in the DMZ? What are the trade-offs?- posted
18 years ago