Forum Discussion
Hamish
Aug 24, 2011Cirrocumulus
If you're going down the route of a single device, I'd recommend something like a virprion with vCMP... Best of both worlds :)
Although the 8900 is perfectly capable of doing the segregation between DMZ and internal itself, I would tend not to... There's too much chance of mis-configurations leaving yourself open... With separate devices, you have to misconfigure a lot more before opening yourself up. Which is important when the people who may be doing the config later may not be in full knowledge of the design decisions made to ensure your security.
H