Dual-Firewall Architecture

The dual-firewall architecture is more complex than the single-firewall architecture, but it is also a more secure overall design and provides for a much more granular level of control over traffic traversing the firewalls. This is because the architecture uses two firewalls, ideally of different vendors and models, to act as exterior and interior firewalls, providing a DMZ segment between the two firewalls, as shown in Figure 9-3. Like previous designs, traffic is permitted into the DMZ segment as well as from the internal network to the external network, but no traffic from the external network is permitted directly to the internal network.

Figure 9-3. Dual-Firewall Architecture

The granular control in a dual-firewall architecture comes from the fact that each firewall controls a subset of all the traffic entering and exiting a network. Because untrusted (that is, external) traffic should never be allowed to directly access a trusted (that is, internal) network, the exterior firewall can be configured specifically to grant access to and from the DMZ segment and external systems. Similarly, the interior firewall can be configured to grant access to and from the DMZ segment and internal resources. This allows for the creation of two distinct and independent points of control of all traffic into and out of all corporate network segments, whether they are DMZ segments or internal network segments.
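The following policy model is an added example, not code from the book or from any firewall vendor. It models the topology external, exterior firewall, DMZ, interior firewall, internal; gives each firewall a rule set that refers only to the segments it borders (plus the internal-to-external pass-through); walks a flow through every firewall on its path; and checks structurally that the exterior firewall never grants access to the internal segment and the interior firewall never grants access sourced from the external segment. The address plan, ports and rules are constructed for illustration and are assumptions. A `compromised` parameter treats one firewall as pass-everything to show that the other firewall still enforces its own policy independently, which is the defense-in-depth property the design relies on.

```python
"""Policy model of the dual-firewall (screened subnet) design.

Added example, not the book's code. Topology modelled:
    external --[exterior firewall]-- dmz --[interior firewall]-- internal
Address ranges, rules and ports below are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Optional
import ipaddress

# Constructed address plan (assumption): DMZ and internal are fixed
# prefixes; any other address is treated as external.
SEGMENTS = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}
# Segments in topological order and the firewall between each adjacent pair.
ORDER = ["external", "dmz", "internal"]
FIREWALL_BETWEEN = {("external", "dmz"): "exterior", ("dmz", "internal"): "interior"}


def segment_of(ip: str) -> str:
    """Classify an address into a segment; external is the catch-all."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"


@dataclass(frozen=True)
class Rule:
    src: str              # source segment
    dst: str              # destination segment
    proto: str            # "tcp" or "udp"
    dport: Optional[int]  # None matches any destination port
    action: str           # "permit" or "deny"

    def matches(self, src: str, dst: str, proto: str, dport: int) -> bool:
        return (self.src == src and self.dst == dst and self.proto == proto
                and (self.dport is None or self.dport == dport))


# Constructed rule sets. Each firewall's rules name only the segments it
# borders plus internal->external traffic; first match wins and anything
# unmatched falls through to an implicit deny.
POLICY = {
    "exterior": [
        Rule("external", "dmz", "tcp", 443, "permit"),   # public web server
        Rule("external", "dmz", "tcp", 25, "permit"),    # inbound mail relay
        Rule("dmz", "external", "tcp", 25, "permit"),    # outbound mail
        Rule("internal", "external", "tcp", None, "permit"),
        Rule("internal", "external", "udp", 53, "permit"),
    ],
    "interior": [
        Rule("dmz", "internal", "tcp", 1433, "permit"),  # DMZ web app to database
        Rule("internal", "dmz", "tcp", 22, "permit"),    # admin access into DMZ
        Rule("internal", "external", "tcp", None, "permit"),
        Rule("internal", "external", "udp", 53, "permit"),
    ],
}


def firewalls_on_path(src_seg: str, dst_seg: str) -> list:
    """Firewalls crossed going from src_seg to dst_seg, in traversal order."""
    a, b = ORDER.index(src_seg), ORDER.index(dst_seg)
    step = 1 if b >= a else -1
    hops = []
    for i in range(a, b, step):
        pair = tuple(sorted((ORDER[i], ORDER[i + step]), key=ORDER.index))
        hops.append(FIREWALL_BETWEEN[pair])
    return hops


def decide(fw: str, src_seg: str, dst_seg: str, proto: str, dport: int) -> str:
    """First-match decision of a single firewall; implicit default deny."""
    for rule in POLICY[fw]:
        if rule.matches(src_seg, dst_seg, proto, dport):
            return rule.action
    return "deny"


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int,
             compromised=frozenset()):
    """Walk a flow through every firewall on its path.

    `compromised` names firewalls modelled as passing everything; the
    trace shows the remaining firewall still applying its own policy.
    Returns (final decision, [(firewall, decision), ...]).
    """
    src_seg, dst_seg = segment_of(src_ip), segment_of(dst_ip)
    trace = []
    for fw in firewalls_on_path(src_seg, dst_seg):
        action = "permit" if fw in compromised else decide(fw, src_seg, dst_seg, proto, dport)
        trace.append((fw, action))
        if action == "deny":
            return "deny", trace
    return "permit", trace


def controls_are_independent() -> bool:
    """Structural check of the two independent control points: no exterior
    permit targets the internal segment and no interior permit is sourced
    from the external segment, so neither firewall alone exposes internal hosts."""
    ext_ok = all(r.dst != "internal" for r in POLICY["exterior"] if r.action == "permit")
    int_ok = all(r.src != "external" for r in POLICY["interior"] if r.action == "permit")
    return ext_ok and int_ok


if __name__ == "__main__":
    for flow in [("203.0.113.5", "192.0.2.10", "tcp", 443),   # external -> DMZ web
                 ("203.0.113.5", "10.1.1.20", "tcp", 443),    # external -> internal
                 ("192.0.2.10", "10.1.1.20", "tcp", 1433),    # DMZ -> internal DB
                 ("10.1.1.20", "203.0.113.5", "tcp", 443)]:   # internal -> external
        print(flow, "->", evaluate(*flow))
    print("external->internal, exterior compromised:",
          evaluate("203.0.113.5", "10.1.1.20", "tcp", 22, compromised={"exterior"}))
    print("independent controls:", controls_are_independent())
```

The trace for an external-to-internal flow stops at the exterior firewall's implicit deny; with the exterior firewall modelled as compromised, the same flow is still denied by the interior firewall, whose rule set never mentions an external source. That separation is what `controls_are_independent()` checks, and it is a useful invariant to assert over real rule exports during change review.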
When a dual-firewall architecture is implemented with different firewall models, for example a Cisco PIX Firewall and a Microsoft ISA Server firewall, you also gain additional security because an attacker would need to compromise two separate firewalls, which will likely not be susceptible to the same attack methods, to gain access to protected resources. In addition, an attacker also needs to be knowledgeable in the workings of two different types of firewalls to tamper with the configurations. The downsides of a dual-firewall architecture relate