Mitel Inter-Tel 5000 Installation And Maintenance Manual page 408

Appendix B: Network IP Topology
Public (Untrusted) Networks
In some environments, DMZs are implemented in what is referred to as a two-tier architecture
using two firewalls as shown in the following example. In this environment, the DMZ is between
the inside trusted network and the outside untrusted network. The security issues are still the
same, but the configuration is split between the two firewalls.
In addition to providing protection, firewalls also perform a Network Address Translation (NAT)
function (described in "Terminology" on
to public IP addresses as packets go out through the firewall. As a general rule, IP telephony
devices do not perform well when the communications must pass through a device performing
NAT.
Page B-10
Communication from the
Internet to the Private
network is blocked
unless it was initiated
from an internal party (a
response)
Internet
(Untrusted )
Communication from the
Internet to the DMZ is
limited to specific sources,
destinations, and
applications (ports)
DMZ
Network
Communication from the
DMZ to the internal
network is limited to
specific sources,
destinations, and
applications (ports)
Private Network
(Trusted)
page B-2) in which private IP addresses are converted
®
Inter-Tel 5000 Installation Manual – Issue 2.4, May 2008