nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

perimeter network

bighornsheep

if there is such a network:

| subnet 1 | subnet 2

where | are firewalls.

is subnet 1 the perimeter network? or subnet 2?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

royal

Subnet 1 would be the best choice for the DMZ in this case and your internal network would be on Subnet 2. This is because you have a | and a | on both sides of Subnet 1. 1 would be your public facing firewall and the other would be your private facing firewall.

Internet - | Subnet 1 (DMZ) | Subnet 2 (Private)

bighornsheep

icroyal wrote:

Subnet 1 would be the best choice for the DMZ in this case

I dont mean implementing the perimeter network in above...I mean if the above was shown, and one was asked to identify the perimeter network, which would it be? Would subnet 1 definitely be the perimeter network?

royal

Yes, Subnet 1 definitely would be the perimeter network.

seuss_ssues

The type of setup you have described is often called a screened subnet with dual firewalls.

By having internet | subnet 1 (DMZ) | subnet 2 (internal)
you are providing alot of protection. Not only must an attacker compromise a single firewall but must pass an additional firewall to get to the less secure internal network. Additionally for added security it is advices to use 2 different devices as the firewalls. Two firewalls are no better than one if they are both susceptible to the same vulnerability. So if you were to properly setup firewall1 and harden your DMZ then properly setup firewall2 it would be extremely difficult to reach the internal network.

bighornsheep

Thanks, both of your descriptions were very helpful.

sprkymrk

seuss_ssues wrote:

Additionally for added security it is advices to use 2 different devices as the firewalls.

Although this could be a nice topic for another thread in the security forums, I just thought I would comment that there are actually 2 trains of thought on this. Most firewall vulnerabilities come not from any inherent flaw in the firewall itself, but rather in the admin misconfiguring the firewall, so having the same firewall on both ends of the screened subnet/dmz tends to make administration easier and less likely to run into a configuration issue.

But seuss_ssues is correct that many consultants do recommend different firewalls, although that concept is less common now than a few years ago.