RE: [FW1] Stealth firewall - Is possible under WIN2K?
Hi Rocky,

Do these Lucent boxes support the IEEE standard which mandates the maximum Ethernet frame size increase to 1522 bytes from 1518 bytes (I think it's 802.3somethingsomething)? In other words, can you extend a VLAN through these things? I couldn't find anything in their documentation concerning this.

If so, this would allow you to put one of these in between two layer-3 switches and create a PSN and a DMZ on one logical network through the use of VLANs; something which I've been trying to put together for about the last month. This means that your PSN and DMZ would appear to intruders as one logical network, but some of the segment would actually be protected by a layer-2 firewall.

This would be handy, for instance, if you had a 2-tiered web server architecture with a database server and a web server. The database server, which should only be accessed by the web server, could be behind the layer-2 firewall in the PSN while the web server could be in the DMZ. It's basically a way of trying to out-think the blackhats... which I guess is a dangerous game. =)

Thanks,
Abe

Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
E-mail [email protected]
Web http://www.kde.state.ky.us/

-----Original Message-----
From: Rocky Stefano [mailto:[email protected]]
Sent: Monday, February 19, 2001 4:44 PM
To: Robert MacDonald; [email protected]; [email protected]
Subject: RE: [FW1] Stealth firewall - Is possible under WIN2K?

You can also grab Lucent's Brick http://www.lucent.com/ins/products/vpnfirewall/ . They can operate at layer two so you can stick them wherever you want and they're totally transparent.

Rocky Stefano
Echelon Systems Inc.
[email protected]
www.echelonsystems.com
Systems that work...

-----Original Message-----
From: [email protected] [mailto:[email protected]]On Behalf Of Robert MacDonald
Sent: Monday, February 19, 2001 3:33 PM
To: [email protected]; [email protected]
Subject: Re: [FW1] Stealth firewall - Is possibile under win2k?

Stefano,

If you truly mean between the router and the Internet (ISP), then you can't do that without somebody knowing. Firewalls would need to make use of IP addresses. With that said, you could, however, look into Sun's Sunscreen. I think they allow for a transparent fw.

If you're looking to slip a real firewall behind the router, then it depends. How smart are the people you want to fool? If they have any network gray matter, you can't. If you're looking to place the firewall in front of 'normal' users and you're the only network administrator, not a problem.

I'll assume (ack) that the internal clients are using the IP address of the router (B1) as their next hop in the default route and you're not using ip unnumbered on the router (C1 = your ISP/public network).

Let's use the following. You've got to love ASCII art - OK, so you don't.

    Internal<-->[B1]router[C1]<-->Internet

You could place the fw into your network with the address of the router's internal IP address (B1). Then give the internal interface of the router a new network IP address and add an IP from the same network the external IP address of the fw. Now it would look like this and you wouldn't need to touch the internal systems.

    Internal<-->[B1]fw[D1]<-->[D2]router[C1]<-->Internet

HTH.

Robert

(p.s. A1 is a reserved network, not to be used in this example ;-)

Robert P. MacDonald
Global Infrastructure Group, Haworth, Inc.
email: [email protected]

>>> "[OmNiY2K]" <[email protected]> 02/15/01 03:02AM >>>
>
>Hi to all,
>
>How can I configure FireWall-1 to be a stealth firewall on Win2K? I need to
>put a firewall between the router and my internet network in a transparent way... so
>I can't assign IP addresses to the two NICs of the firewall....
>
>Bye, Stefano

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
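
Added example, not part of the thread or of any vendor's code: a Python sketch of the frame-size question raised in the top reply, showing why a full-size frame carrying a 4-byte 802.1Q VLAN tag reaches 1522 bytes and is dropped by a layer-2 device that still enforces the 1518-byte limit. The function names and the sample frames (zeroed MAC addresses, VLAN ID 30) are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
FCS_LEN = 4           # frame check sequence appended on the wire
MAX_UNTAGGED = 1518   # classic maximum frame size, FCS included
MAX_TAGGED = 1522     # maximum once a 4-byte VLAN tag is inserted


def build_frame(payload_len, vlan_id=None):
    """Constructed sample frame (without FCS): zeroed MACs, IPv4 EtherType."""
    header = bytes(12)                      # destination MAC + source MAC
    if vlan_id is not None:
        # TPID followed by the TCI; priority bits left at zero
        header += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    header += struct.pack("!H", 0x0800)     # EtherType: IPv4
    return header + bytes(payload_len)


def inspect(frame, device_max=MAX_UNTAGGED):
    """Return (vlan_id or None, on-wire size incl. FCS, forwarded?)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan_id = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, 14)
        vlan_id = tci & 0x0FFF              # VLAN ID is the low 12 bits
    wire_size = len(frame) + FCS_LEN
    return vlan_id, wire_size, wire_size <= device_max


if __name__ == "__main__":
    for vid in (None, 30):
        frame = build_frame(1500, vlan_id=vid)
        for limit in (MAX_UNTAGGED, MAX_TAGGED):
            print(vid, limit, inspect(frame, device_max=limit))
```

A transparent firewall placed on a trunk between two switches has to accept the larger size (and ideally parse the tag) for the VLAN to extend through it.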