Posted by: Anonymous
on May 07, 2008 06:59 AM
There is no need to use separate subnets when using the "dual-NIC" system as a firewall. You also have the ability to combine the "bridge" option with the firewall option, allowing the system to bridge the two interfaces, pass network traffic, and firewall all of the traffic. The same is true for the proxy example and other traffic inspection solutions, all while being on the same subnet and bridging the interfaces. One important feature when using a firewall in "bridge" mode is the ability to have no layer-3 (IP) addressing and to place the system physically in-line, a more secure approach. Obviously you can also do this without bridging, using the two network interfaces separately and thus requiring addressing/routing, but again a different subnet is not necessary.
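
A sketch of the bridge-mode firewall described in the comment above, added here as an example (it is not the commenter's code). The interface names `eth0`/`eth1`, the bridge name `br0`, and the allowed ports are assumptions; it uses iproute2 and nftables, and connection tracking in the bridge family assumes a Linux kernel of 5.3 or later.

```shell
#!/bin/sh
# Added example (constructed): in-line bridging firewall with no IP address.
# Assumed names: eth0 = outside NIC, eth1 = inside NIC, br0 = the bridge.
OUT_IF=eth0
IN_IF=eth1
BR=br0

# Print an nftables ruleset in the "bridge" family. Frames forwarded between
# the two ports are filtered at layer 2, so both sides stay on one subnet.
bridge_ruleset() {
cat <<EOF
table bridge filter {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ether type arp accept
    ct state established,related accept
    iifname "$IN_IF" oifname "$OUT_IF" ct state new accept
    iifname "$OUT_IF" oifname "$IN_IF" tcp dport { 22, 443 } ct state new accept
  }
  chain input {
    # The bridge has no address; drop anything aimed at the firewall itself.
    type filter hook input priority 0; policy drop;
  }
}
EOF
}

# Build the bridge and load the ruleset (requires root).
apply_bridge() {
  ip link add name "$BR" type bridge
  ip link set "$OUT_IF" master "$BR"
  ip link set "$IN_IF" master "$BR"
  # No layer-3 addressing on the ports or on the bridge.
  ip addr flush dev "$OUT_IF"
  ip addr flush dev "$IN_IF"
  sysctl -w "net.ipv6.conf.$BR.disable_ipv6=1"   # no auto link-local address
  ip link set "$OUT_IF" up
  ip link set "$IN_IF" up
  ip link set "$BR" up
  bridge_ruleset | nft -f -
}

# Only touch the system when explicitly asked: ./bridge-fw.sh apply
if [ "${1:-}" = "apply" ]; then
  apply_bridge
fi
```

Run without arguments the script changes nothing; with no address on `br0`, management of the box has to come from a console or a separate NIC.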