SunScreen 3.2 Configuration Examples

Network Example

Figure 8-1 shows the London segment of the network example. In this diagram, a mixed-mode Screen (lon-screen1) provides stealth protection on the interfaces facing the Internet and routing protection on the interfaces facing the internal network. The stealth interfaces give the DMZ, and the mail server on it, stealth protection; the routing interfaces enable proxy user authentication for the internal network. The routing interfaces also give internal hosts access to the mail server and to the Internet.

In this configuration, the hosts protected by the Screen have illegal (non-routable) IP addresses, so the Screen provides their web access to the Internet by acting as an HTTP proxy and by performing NAT for them.


Note -

Use care when designing the security policy for the routing interfaces. An open policy on a routing interface (such as qfe2 in this example) can expose the Screen itself to attacks, can affect stealth operation, and can negate the advantage of the stealth interfaces.
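The following policy check is an added example and is not SunScreen's own rule syntax or tooling; the interface names, addresses and rules are constructed to mirror Figure 8-1 (stealth interfaces hme0/hme1 with no address, routing interface qfe2 with an address). It models the point of the note: an "allow any/any/any service" rule on a routing interface reaches the Screen's own address, whereas a policy that permits only the proxy service to the Screen and SMTP to the DMZ mail server does not.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Interface:
    name: str
    mode: str                                 # "stealth" or "routing"
    address: Optional[ipaddress.IPv4Address]  # routing interfaces carry an address; stealth ones do not


@dataclass(frozen=True)
class Rule:
    interface: str
    action: str                               # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    service: str                              # "http-proxy", "smtp", ... or "*" for any service


def audit(interfaces: List[Interface], rules: List[Rule]) -> List[str]:
    """Return one finding per allow rule that opens every service on a
    routing interface to an address the Screen itself answers on.
    Stealth interfaces have no address of their own, so only rules on
    routing interfaces can expose the Screen in this way."""
    by_name = {i.name: i for i in interfaces}
    screen_addrs = [i.address for i in interfaces if i.address is not None]
    findings = []
    for r in rules:
        iface = by_name[r.interface]
        if iface.mode != "routing" or r.action != "allow" or r.service != "*":
            continue
        exposed = [a for a in screen_addrs if a in r.dst]
        if exposed:
            findings.append(
                f"{r.interface}: allow {r.src} -> {r.dst} (any service) reaches "
                f"Screen address(es) {', '.join(map(str, exposed))}"
            )
    return findings


# Constructed topology: two stealth interfaces (Internet side, DMZ side)
# and one routing interface toward the internal LAN.
INTERFACES = [
    Interface("hme0", "stealth", None),
    Interface("hme1", "stealth", None),
    Interface("qfe2", "routing", ipaddress.ip_address("10.1.0.1")),
]
LAN = ipaddress.ip_network("10.1.0.0/24")                # constructed internal range
SCREEN_QFE2 = ipaddress.ip_network("10.1.0.1/32")        # the Screen's routing address
DMZ_MAIL = ipaddress.ip_network("203.0.113.25/32")       # constructed DMZ mail server

# The open policy the note warns about.
OPEN_POLICY = [Rule("qfe2", "allow", ANY, ANY, "*")]

# A narrower policy: internal hosts reach only the Screen's HTTP proxy
# and the DMZ mail server, and only on the services they need.
HARDENED_POLICY = [
    Rule("qfe2", "allow", LAN, SCREEN_QFE2, "http-proxy"),
    Rule("qfe2", "allow", LAN, DMZ_MAIL, "smtp"),
    Rule("qfe2", "deny", ANY, ANY, "*"),
]

if __name__ == "__main__":
    for name, policy in (("open", OPEN_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit(INTERFACES, policy) or "no findings")
```

The check treats the Screen's routing-interface addresses as the assets to protect; services that legitimately terminate on the Screen (the HTTP proxy here) pass because they are named explicitly rather than opened with a wildcard.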


Figure 8-1 London Segment of the Sample Company Network