Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: separating the servers on a switch

From: m p <sumirati () yahoo de>
Date: Thu, 12 Sep 2002 20:22:36 +0200 (CEST)
 --- Shimon Silberschlag <shimons () bll co il> schrieb: > The servers need to
talk with the uplink (internet) servers, the

downlink (backend) servers. This is trivially done with the firewalls.
What we want to do is control which servers on the segment talk among
themselves.

Shimon Silberschlag


There is basicaly only one way to do it: Install firewalls (or packet filters)
in the different DMZs. It would look like (in good old ASCII art):

    |
    |  Uplink to the Internet
    |
 Firewall
    |
   DMZ public
    |
 Firewall
    |
    |  "Downlink"
    |


   DMZ private




----- Original Message -----
From: "m p" <sumirati () yahoo de>
To: "Shimon Silberschlag" <shimons () bll co il>
Sent: Thursday, September 12, 2002 15:56
Subject: Re: [fw-wiz] separating the servers on a switch



Hi Shimon,

please decompress your question && resend it.

thanks

marc

ps: look for the comment.

 --- Shimon Silberschlag <shimons () bll co il> schrieb: > Lets say we

have an

internet segment, protected by firewalls at both

ends. On that segment are various servers.
The servers need to talk to other servers outside the segment;

uplink

its the internet, downlink the backend servers.
Some of the servers need to be able to talk among them.


^-- from here on it is not clear which servers are which servers are

on which

link they are.


We want to control which server can talk to which other server (in

the

segment), utilizing one of the firewalls (lets say the uplink

one).

Can the group suggest ways to accomplish that? We thought about

using

L2 switches with "private VLAN", L3 switches with ACL, but

constantly

come across problems doing the routing properly.






__________________________________________________________________

Gesendet von Yahoo! Mail - http://mail.yahoo.de
Möchten Sie mit einem Gruß antworten? http://grusskarten.yahoo.de
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: