I have some servers on our inside network that have a secondary NIC for replication and failover purposes.
This secondary NIC on the inside servers is in its own separate VLAN (10.10.10.x).
We need to add this setup to a couple of DMZ servers.
I want to put the secondary NIC also behind the firewall to keep all interfaces on the DMZ servers secure.
My questions are:
Can I put the secondary NIC that will be on the DMZ interface of the firewall in the same subnet as the inside VLAN that the other servers are in?
(There are no interfaces on the firewall in the 10.10.10.0 VLAN)
I am thinking I should be able to do that technically, but is it acceptable?
Is there any benefit to putting the DMZ in an entirely different subnet (172.16.200.0) and NATing to the 10.10.10.0 subnet from the inside interface?