I have a question for the network security gurus out there.....
We have a 3-firewall structure:
\ \ \
Inet / DMZ1 / DMZ2 / Core
\ \ \
/ / /
The \ represent the firewalls.
Inet is the internet and core is the core network.
The current debate surrounds 2 architectures:
Arch 1:
DMZ1 houses multiple hardened web servers.
DMZ2 houses the App Servers, LDAP Servers, etc.
Arch 2:
DMZ1 houses a hardened reverse proxy.
DMZ2 houses web servers, LDAP servers, App Servers, etc.
Any thoughts on the pros/cons of either approach?
(text/plain)