Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX Design Question

I have a situation where I utilize CacheFlow devices to serve up web content for a high traffic web site. In considering new secure architecture - I have two options, creating two seperate DMZ segments - one for the redundant CacheFlows and another that contains the physical web servers. The other option is creating one multi-tiered DMZ segment that utilizes another PIX between the CacheFlow segment (Outside) to the segment (Inside) where the physical web servers reside. From a security perspective, what are some of the advantages/drawbacks of each design. Thanks for any help that you provide.

  • Other Security Subjects

Re: PIX Design Question

The phrase multi-tiered DMZ doesn't really ring a bell. I don't remember coming accross such a term or having read about such setups and that would translate to only one thing, tougher troubleshooting. I would definately recommend going in for a design similar to what you are likely to see deployed commonly. That would not only help while troubleshooting but also help since a wealth of documentation is likely to be available.

This widget could not be displayed.