[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] How does "route mapping" compare with VLAN in terms ofseparation

Subject: Re: [FW1] How does "route mapping" compare with VLAN in terms ofseparation
From: Bill Husler <BHusler@PacBell.net>
Date: Mon, 06 Nov 2000 12:10:29 -0800
Cc: "'Fw-1-Mailinglist (E-mail)'" <fw-1-mailinglist@lists.us.checkpoint.com>


We haven't been able to find LAN support that actually exists for Sun Boxes. 
We started down
that path, but Sun was unable to provide the part numbers ... Last thing I 
heard was that the
next release of the GB NCI, but there was nothing today.
Bill

CryptoTech wrote:

> Have you experimented with having VLAN support on the Sun Boxes?  This 
>should allow you to
> see each vlan as a separate 'adapter' on the sun box.
>
> Bill Husler wrote:
>
> > We have mandated that networks on different sides of firewalls be 
>physically isolated,
> > but allow networks of a similar nature (multiple DMZs) to reside on 
>common hardware
> > (single switch) so long as the traffic must flow through the firewall to 
>move from one
> > network to the other (multiple VLANs no routers).  Due to technical 
>restrictions in our
> > current environment (Sun firewalls, Cisco 55k switches, some of these 
>common switch
> > environments require multiple NICs on the firewall (one for each VLAN). 
>In an effort to
> > reduce the number of NICs required, our networking folks have suggested 
>that we use
> > routers and take advantage of a feature called "route mapping" to force 
>the traffic
> > through the firewalls. I am concerned that the use of routers and "route 
>mapping" to
> > separate the traffic may be significantly lowering the bar from no router 
>between
> > multiple VLANs, but thought I should check with a suitably paranoid group 
>of Firewall
> > engineers and see if there are any suggestions or ideas from this group.
> > Bill
> >
> > 
>================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > 
>================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Multiple WAN Links.
Next by Date: [FW1] FW1 with NAV for Firewalls
Prev by thread: Re: [FW1] secure remote
Next by thread: [FW1] FW1 with NAV for Firewalls
Index(es):
- Date
- Thread