Security Basics mailing list archives

RE: Remote site solution


From: Joachim Thuau <Joachim.Thuau () heavy-iron com>
Date: Tue, 28 Sep 2010 09:38:21 -0700

You have a central hub location that is equipped with a Juniper SRX240. You intend to secure all 50 remote locations. Do
I get this right?

Regarding MAC address filtering:
You can filter by MAC addresses only on a LAN (a MAC address is a property of a layer 2 frame, not a layer 3
packet). All the packets that will come from a remote location (beyond your gateway) will be embedded in frames that
have the MAC address of your gateway/router.

You could set up some sort of inbound proxy at the hub that ignores anything that is not from your 50 remote locations.
The problem with that is that you have no control over the IP addresses of your remote sites. They are using DHCP and
may change at any time.

I'm not familiar with the Juniper solution, but I would assume that you could get some entry-level box to each location
and use those to establish VPN tunnels from each location to your central hub office. You would have to check with your
Juniper vendor to get pricing and information on how to proceed from there. Make sure your central office device (the
SRX240) can take 50 inbound VPNs, and that each office is outfitted with the proper equipment.

I hope this helps...
Jok
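
Added example, not part of the original message: a small Python model of the MAC filtering point above, showing that each routed hop builds a new Ethernet header, so the hub only ever sees its upstream router's MAC. All MAC and IP addresses are constructed sample values, and the two-hop path with no NAT is an assumption made to keep the model short.

```python
import struct

# Constructed sample addresses (documentation IP ranges, locally administered MACs).
HUB_UPSTREAM_MAC = "02:00:00:00:00:fe"   # router interface facing the hub firewall
HUB_FW_MAC = "02:00:00:00:00:01"
HUB_IP = "203.0.113.10"

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

def ip(s):
    return bytes(int(p) for p in s.split("."))

def frame(dst_mac, src_mac, src_ip, dst_ip, ttl=64):
    """Ethernet II header + minimal IPv4 header (checksum left at 0 in this model)."""
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800)
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                       ip(src_ip), ip(dst_ip))
    return eth + ipv4

def route(fr, out_mac, next_hop_mac):
    """Router forwarding: keep the IP packet, decrement TTL, write a new L2 header."""
    pkt = bytearray(fr[14:])
    pkt[8] -= 1                                   # TTL is byte 8 of the IPv4 header
    return mac(next_hop_mac) + mac(out_mac) + fr[12:14] + bytes(pkt)

def seen_at_hub(host_mac, host_ip):
    """Send from a remote host to the hub; return (src MAC, src IP, TTL) as seen there."""
    fr = frame("02:00:00:00:10:01", host_mac, host_ip, HUB_IP)   # host -> site router
    fr = route(fr, "02:00:00:00:10:02", "02:00:00:00:20:01")     # site router -> ISP
    fr = route(fr, HUB_UPSTREAM_MAC, HUB_FW_MAC)                 # ISP -> hub firewall
    return fr[6:12].hex(":"), ".".join(map(str, fr[26:30])), fr[22]

def mac_filter_allows(allowlist, src_mac):
    return src_mac in allowlist

if __name__ == "__main__":
    site_pc = seen_at_hub("02:00:00:00:aa:01", "198.51.100.7")
    unrelated = seen_at_hub("02:00:00:00:bb:01", "192.0.2.99")
    print("remote site PC as seen at hub:", site_pc)
    print("unrelated host as seen at hub:", unrelated)
    # An allowlist of the remote PCs' MACs matches nothing that reaches the hub.
    print("allowed by site-MAC list:",
          mac_filter_allows({"02:00:00:00:aa:01"}, site_pc[0]))
```

The source IP survives the trip while the source MAC does not, which is why filtering at the hub has to key on something carried above layer 2, such as the VPN tunnels suggested in the message.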
