On Wed, Mar 21, 2007 at 2:41 AM, Tarig Ahmed <tariq198...@hotmail.com> wrote: > We have wide range of Public IP addresses, I tried to assign public ip > directly to a server behined firewall( in DMZ), but I have been resisted. > Security guy told me is not correct to assign public ip to a server, it > should have private ip for security reasons. > > Is it true that NAT can provide more security? > > Thanks, > > Tarig Yassin Ahmed
I assume you are talking about the protection to the current running "public facing" servers, hence the NAT could not provide more protection to them compares to a proper configed firewall. However, for a small business who does not have its own ASN & Provider Independent IP block(s), a NAT (NAT44 and NAT66) could provide lots of protection on IT resources when there is a need to install multiple Internet access lines for providing quickly failover (manual or automatic, doesn't matter) and/or load-sharing capability to end users. -- Michel~
