10-29-2014 01:14 PM - edited 03-17-2019 12:44 AM
Hi All
There is a firewall between DMZ and Internal network. We have used expressway E as dual interfaces one is in the DMZ and other is in the internal network.
Clint is insisting that there is security risk deploying expressway in this way? Please advice
Thanks
10-30-2014 01:45 AM
Your Client is right!
Expressway E is supposed to be connected to the DMZ network.
If you can use an offical ip without nat address you only need 1 interface.
If you have to use nat then you will need two dmz networks.
You can find information within the Configuration Guides:
http://www.cisco.com/c/en/us/support/unified-communications/expressway-series/products-installation-and-configuration-guides-list.html
10-31-2014 05:51 AM
If that host gets compromised then the attacker will be able to innitiate traffics to both interfaces without going across the firewall.
My Question is there any security risk deploying expressway in this way one interface is in DMZ and other is in internal?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide