The biggest benefit to use B2B DMZ is that ISA can make use of server / web publishing to control access to the DMZ servers, whereas in a third-leg DMZ, the traffic is controlled only through packet filters. PF have no knowledge of L4 and above, while the web proxy and firewall service have Extensions (web filters and application filters, respectively) that make them just a bit smarter than your average PF. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: Goktug Yildirim To: [ISAserver.org Discussion List] Sent: Thursday, January 31, 2002 03:38 Subject: [isalist] Why should I use back-to-back DMZ? http://www.ISAserver.org What is the difference between the traditional DMZ and ISA back-to-back DMZ with private addresses? What are the benefits? Why translating the public to private (as in back-to-back DMZ with private addresses on DMZ) is more secure than filtering public addresses (as in 3 NICs DMZ)? Thanks, ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')