Firewall Wizards mailing list archives

Re: Forwarding traffic to an active IDS/Firewall

From: "Dale W. Carder" <dwcarder () doit wisc edu>
Date: Thu, 21 Jul 2005 11:18:49 -0500

Thus spake Vinicius Pavanelli Vianna (ds () hacked com br) on Wed, Jul 13, 2005 at 06:39:35PM -0300:

Anyone knows how I can forward all traffic the came to a Cisco Catalyst
swith to an gateway to do some IDS/Firewall/Traffic Shape?


Use a policy route to force the next-hop.  I think that's the
closest thing to what you want.  However, given that traditional
switches are more or less agnostic to layer 3 information, you can't 
do that unless you have a switch with a routing card, or actually 
have a router.

If you're only looking for IDS stuff, most high end switches support
port mirroring.

So, a layer-2 solution could use vlans and have your IDS/Firewall/Traffic 
Shape thingy route, bridge, or proxy-arp between them.

Or, use a PC or some other device that can make switching decisions
based on higher level stack information.

Dale

----------------------------------
Dale W. Carder - Network Engineer  
University of Wisconsin at Madison 
http://net.doit.wisc.edu/~dwcarder

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Forwarding traffic to an active IDS/Firewall Vinicius Pavanelli Vianna (Jul 21)
- RE: Forwarding traffic to an active IDS/Firewall Paul Melson (Jul 21)
- Re: Forwarding traffic to an active IDS/Firewall Dale W. Carder (Jul 21)
  - Re: Forwarding traffic to an active IDS/Firewall Vinicius Pavanelli Vianna (Jul 22)
- Re: Forwarding traffic to an active IDS/Firewall Aaron Smith (Jul 21)