Firewall behind DMZ?

[bupati]

Hi guys,

I have smoothwall firewall running behind my adsl router. My smoothwall firewall have DMZ area for my server, I've got apache server, ssh server, and mysql server running as single server with different internal DMZ IP.

So my question is do I have to make another firewall to hardened my servers inside the dmz?? cause I think I can install guarddog firewall (internally) on every servers (all of them running linux except ssh server running OpenBSD 3.9) .

Or.. just smoothwall firewall (hardware firewall) already enough protection for my dmz ..?? it means I just hardened my servers without another firewall...



Thanks

[Net2Infinity]

If you had 2 firewalls you would have the same ports open , so it would just be security through obscurity. I would focus more on your firewall configuration and the patch level of your boxes. In addition I would run apache on Openbsd and the same for the ssh server. To me it seems like alot of servers for a dsl connection.

[jockey0109]

I agree with Net2Infinity. Of course there is no reason of putting up two FIREWALLs on one server at all...after all you will have to open the ports you need on both the firewall and block the rest...and it can be done pretty well by a single FIREWALL only. I think your configuration is very OK as it should be.