Who rated this post

cancel
Showing results for 
Search instead for 
Did you mean: 
Timothy_Hall
Legend Legend
Legend

I suppose an argument could be made that NATting inbound traffic into a privately-addressed DMZ does provide some "security through obscurity" by hiding the server's true inside address from the outside world.  In some cases this true address will need to be known when trying certain types of exploit attempts against the server.  However there are so many ways that web servers in particular can leak their true IP address through error pages and such I'd say NATting really doesn't provide much security benefit, increases the complexity of the network slightly, and incurs some extra NAT processing on the firewall.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

View solution in original post

(1)
Who rated this post