Security Basics mailing list archives
RE: Firewall positioning in Large Network
From: "Jesse Eaton" <jesse.eaton () gmail com>
Date: Fri, 22 Jun 2007 20:29:34 +0200
Then your answer is a relatively simple one. Your firewall should be placed at the Gateway, on your link to your upstream service provider. Of course, the important part now is to sit down and write out a configuration plan to address what services/ports or nodes needs specific access out to the external network, and maybe more importantly what service/port traffic you will allow in and to what machines. Do you serve public web pages, for instance? If your organization doesn't have any branch networks or VPN clients, for instance, then that inbound traffic should be pretty limited... Hope this helps. -Jesse -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mubin Shaikh Sent: Thursday, June 21, 2007 5:47 PM To: Steve Armstrong; security-basics () securityfocus com Subject: RE: Firewall positioning in Large Network Hi, There is flat network (no VLAN). This firewall is the ONLY firewall in network. This firewall's main function is to protect internal network (trusted LAN) from external world (internet). All the users are in LAN. Hope i am able to put all required information. Regards -Mubin --- Steve Armstrong <stevearmstrong () logicallysecure com> wrote:
Mubin Sorry for being curt, but I think we would need a little more information as to what you are trying to protect and from whom. Firewalls are designed to separate LANs of differing risk and user groups, but your email seems to lack <any> clarification of where your users sit in relation to the data you wish to protect. Steve A -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mubin Shaikh Sent: 20 June 2007 12:34 To: security-basics () securityfocus com Subject: Firewall positioning in Large Network Hi, Question - What is the best logical placement for firewall in large network? If I have 3000+ user organisation with both core and access switch available, will i connect my firewall to core switch or access switch ? and why ? Thanks -Mubin
________________________________________________________________________
____________ Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel and lay it on us.
http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
____________________________________________________________________________ ________ It's here! Your new message! Get new email alerts with the free Yahoo! Toolbar. http://tools.search.yahoo.com/toolbar/features/mail/
Current thread:
- Firewall positioning in Large Network Mubin Shaikh (Jun 20)
- Re: Firewall positioning in Large Network Ansgar -59cobalt- Wiechers (Jun 20)
- RE: Firewall positioning in Large Network Hargiss, Jeff (Jun 20)
- RE: Firewall positioning in Large Network David Gillett (Jun 20)
- RE: Firewall positioning in Large Network Steve Armstrong (Jun 20)
- RE: Firewall positioning in Large Network Mubin Shaikh (Jun 22)
- RE: Firewall positioning in Large Network Jesse Eaton (Jun 22)
- RE: Firewall positioning in Large Network Mubin Shaikh (Jun 22)
- RE: Firewall positioning in Large Network Hesham Sabry (Jun 20)
- Re: Firewall positioning in Large Network Brian Laing (Jun 28)
- <Possible follow-ups>
- Re: Re: Firewall positioning in Large Network evilwon12 (Jun 20)