
[FW1] How does "route mapping" compare with VLAN in terms of separation



We have mandated that networks on different sides of firewalls be physically isolated,
but allow networks of a similar nature (multiple DMZs) to reside on common hardware
(single switch) so long as the traffic must flow through the firewall to move from one
network to the other (multiple VLANs, no routers).  Due to technical restrictions in our
current environment (Sun firewalls, Cisco 55k switches), some of these common switch
environments require multiple NICs on the firewall (one for each VLAN). In an effort to
reduce the number of NICs required, our networking folks have suggested that we use
routers and take advantage of a feature called "route mapping" to force the traffic
through the firewalls. I am concerned that the use of routers and "route mapping" to
separate the traffic may be significantly lowering the bar from no router between
multiple VLANs, but thought I should check with a suitably paranoid group of Firewall
engineers and see if there are any suggestions or ideas from this group.
Bill






 
   All contents © 2004 Network Presence, LLC. All rights reserved.