Guest
Archived from groups: comp.security.firewalls

My company is in the process of repartitioning the network, including
the adoption of a DMZ for all of our web-based servers and wireless
clients.
All DMZ computers will use private IP addresses with NAT for any public
access required.
My question is this: For the wireless clients in the DMZ I need to have
DHCP available. Should I allow this traffic through the router /
firewall's internal interfaces and try to use my existing DHCP
server? Or should I install DHCP on one of the DMZ computers? I'm
leaning towards allowing DHCP using my existing server if possible. If
I can do this, what do I need to do to specify the use of a second DHCP
zone?
My DHCP server is running Windows 2003 with the standard Microsoft DHCP
server.
 
Guest

I want to put all the WAPs into the DMZ so that anyone who wants access
to resources on the internal network has to VPN in over the wireless.
To do that with our existing infrastructure I need DHCP. I'll just pick
one of the servers I'm migrating into the DMZ and install another copy
of Microsoft's DHCP client there. Definitely the most straightforward
solution.
 
Guest

<timbrigham@gmail.com> wrote in message
news:1127752555.574988.319530@g44g2000cwa.googlegroups.com...
> My company is in the process of repartitioning the network, including
> the adoption of a DMZ for all of our web-based servers and wireless
> clients.
> All DMZ computers will use private IP addresses with NAT for any public
> access required.
> My question is this: For the wireless clients in the DMZ I need to have
> DHCP available. Should I allow this traffic through the router /
> firewall's internal interfaces and try to use my existing DHCP
> server? Or should I install DHCP on one of the DMZ computers? I'm
> leaning towards allowing DHCP using my existing server if possible. If
> I can do this, what do I need to do to specify the use of a second DHCP
> zone?
> My DHCP server is running Windows 2003 with the standard Microsoft DHCP
> server.

I think I would use a separate DHCP server in the DMZ -- setting up a DHCP
server to dish out IPs in a range that it's not even participating in would
be ugly. Why allow such traffic across the DMZ boundary?

And btw, why do you need DHCP in your DMZ? Aren't the servers using static
IPs? If not, how do you reach them from the other zones?

-Russ.