C.2 Implement a DMZ with Corente

Corente’s DMZ implementation allows for two types of DMZ configurations:

  • Typical DMZ Configuration

    In the most typical DMZ configuration, servers residing in the DMZ each use a single (1) Ethernet interface that is configured on a private subnet. All traffic to and from the DMZ (between the DMZ and both the LAN and the Internet/WAN) is managed by the Corente Virtual Services Gateway.

  • Alternate DMZ Configurations

    There are two other possible DMZ configurations, both of which require two (2) Ethernet interfaces on each server in the DMZ: one interface is on the same private subnet as the Corente Virtual Services Gateway’s DMZ interface, and the other interface is on either the LAN side of the DMZ or the Internet/WAN side of the DMZ.

    • When the additional interface is on the LAN side of the DMZ, the gateway will handle security only for traffic between the Internet/WAN and the DMZ (using the DMZ to Internet Access partner—see Section C.8, “Configure Access to the DMZ on the Partners Tab”). You should not configure the LAN to DMZ Access partner.

    • When the additional interface is on the Internet/WAN side of the DMZ, the Corente Virtual Services Gateway will handle security only for traffic between the LAN and the DMZ (using the LAN to DMZ Access partner—see Section C.8, “Configure Access to the DMZ on the Partners Tab”). You should not configure the DMZ to Internet Access partner.

    This means that, for both alternate configurations, you must supply your own security measures for the side that is not being protected by the gateway.