Secure Internet Connection with hosting one or more Internet exposed service

This scenario is recommended for businesses with the following Internet requirements:

All (or specified) workstations and servers need access to the Internet  No connection from the Internet is permitted to access the LAN  Corporate e-mail and web site is located at the customer premises.

In the above scenario a router with integrated Firewall and intruder detection system (IDS) is put in place between the Internet, LAN, and the DMZ.

The router acts as:

	Connectivity device between the Internet, LAN and DMZ
	Firewall which controls data flow, allowing specified traffic from the LAN to the Internet and DMZ as well as from Internet to the DMZ
	Firewall to prevent all traffic originating from the Internet to access the LAN, while permitting traffic
	from the DMZ to access the LAN or Internet
	IDS which alerts administrator and terminates intrusion attempts.