In an answer to a previous question dated
, you said, "The DMZ segment of your network must use public IP addressing..."
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
This means that you have at least two registered real world address ranges -- one for the external interface of the firewall and one for the DMZ.
A more efficient use of address space is to use the registered external interface of the firewall and have inbound NAT rules to map to another private address space for the DMZ. You can then have as many hosts in your DMZ as you like.
Are there any implications or vulnerabilities that I may not have considered?
There are no vulnerabilities that I know of regarding using NAT that way. As long as your inbound NAT rules can handle all the mappings, there shouldn't be a problem. I stated public addressing simply because many people want to put a Web server in their DMZ, and that is more easily done using a public address. That way, DNS and routing aren't a real issue. If you are capable of setting up the appropriate NAT mappings that will still allow the proper DNS lookups and routing to work, then by all means do so. Sorry for any confusion that my answer may have caused.