Avanced secure Internet connection with several Internet exposed

This scenario is recommended for businesses with the following Internet requirements:

All (or specified) workstations and servers need access to the Internet No connection from the Internet is permitted to access the LAN

	Corporate e-mail and web site is located at the customer premises.
	Hardened security is required for DMZ and LAN, including dedicated IDS device

In the scenario above, the DMZ is connected through Firewall-1 and the access router to the Internet, and is connected to the LAN through Firewall-2. The dual firewall design provides multi-tier network protection so that if intruders penetrate the external Firewall-1, the LAN is still protected by Firewall-2. This design provides the system administrator the time to analyze his logs from the IDS hardware and update his security profile.