Installation guide
Deployment Primer
• Corporate LAN—These segments are located behind the internal firewall. The
configuration of the internal firewall passes traffic to machines on the corporate
LAN only when the traffic originates from computers inside the DMZ.
FIGURE 2-1. Two Firewalls with DMZ
This topology requires that all data inbound from external servers (such as those on
the Internet) first pass through a server in the DMZ. It also requires that certain types of
data (for example, HTTP and FTP packets), outbound from internal segments, pass
through a server in the DMZ. This forces the use of proxies such as IWSVA.
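As an added example (not part of the guide), the Python check below applies the two rules of this topology to flow records and reports any flow that skipped the DMZ. The subnets, the `src dst dport` record format, the sample records and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed address plan (assumption): the guide names the segments, not their subnets.
DMZ = ipaddress.ip_network("172.16.0.0/24")
LAN = ipaddress.ip_network("10.0.0.0/8")
# Data types the guide says must leave the internal segments through a DMZ server.
PROXIED_PORTS = {80: "HTTP", 21: "FTP"}

# Constructed flow records, one per line: source, destination, destination port.
SAMPLE_FLOWS = """\
203.0.113.7 172.16.0.10 80
172.16.0.10 10.0.5.20 8080
10.0.5.20 172.16.0.10 8080
10.0.5.21 198.51.100.4 80
203.0.113.9 10.0.5.20 22
10.0.5.22 198.51.100.4 21
"""

def zone(addr):
    """Map an address to the segment it belongs to."""
    ip = ipaddress.ip_address(addr)
    if ip in DMZ:
        return "dmz"
    if ip in LAN:
        return "lan"
    return "external"

def audit(src, dst, port):
    """Return a reason string if the flow breaks the topology, else None."""
    s, d = zone(src), zone(dst)
    # Internal firewall rule: only DMZ-originated traffic may reach the corporate LAN.
    if s == "external" and d == "lan":
        return "inbound traffic reached the corporate LAN without passing through the DMZ"
    # Outbound rule: HTTP and FTP from internal segments must go through a DMZ server.
    if s == "lan" and d == "external" and port in PROXIED_PORTS:
        return f"outbound {PROXIED_PORTS[port]} bypassed the DMZ proxy"
    return None

def find_violations(text):
    """Return (record, reason) for every flow record that violates the topology."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or not fields[2].isdigit():
            continue  # skip blank or malformed records
        reason = audit(fields[0], fields[1], int(fields[2]))
        if reason:
            hits.append((line, reason))
    return hits

if __name__ == "__main__":
    for record, reason in find_violations(SAMPLE_FLOWS):
        print(f"{record}: {reason}")
```

Any record this reports points to an internal or external firewall rule that is looser than the topology requires.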
One Firewall with No DMZ
Some organizations have a firewall, but no DMZ. When using the “no DMZ” topology,
place the IWSVA server behind the firewall.
• Because the IWSVA server is not isolated from the corporate LAN, there is one fewer
hop between external machines and machines on the corporate LAN. As shown in
the diagram, this results in two fewer steps for processing a request, one outbound
and one inbound.