NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Switch vs Hubs and VLANS



VLANS are the minimum you should consider for separating your DMZ from your
outside interface.

However, I wouldn't go this way as your security architecture is then
dependent on the quality/performance of your switch manufacturers
implementation of VLAN segregation. Your expensive firewall could be
circumvented by exploiting a bug in a relatively cheap switch.

You also have the additional risk of maintaining your VLAN configuration

Given the cost of a couple of IP440s and annual software /hardware
maintenance, why take such a risk.  Just buy two switches.

Regards,

Keven

-----Original Message-----
From: McDougle, Clovis-PxL [mailto:[email protected]]
Sent: 28 January 2002 09:32
To: [email protected]
Subject: [FW-1] Switch vs Hubs and VLANS



I have a pair of Nokia IP440 setup with VRRP running FW1 V4.1

I have been told that using a switch instead of a hub is more secure, can
someone please confirm if this is so.

Also If I use a switch, can I use VLANS, so I can setup half the switch for
my DMz and half for the outside Interfaces.

Regards
________________________________________________________________________
Clovis Alexander McDougle
New Technologies Manager, Computer Services
Tel: +44 (0) 1303 236750, E-mail: [email protected]

Portex Limited, Hythe, Kent CT21 6JL, UK
Incorporated in England under No:362847
Registered office: 765 Finchley Road, London NW11 8DS, UK

This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you are not the intended recipient please notify us immediately by
telephoning and asking for me. You should not copy it or use it for any
purpose and not disclose it to anyone else. This E-mail is not intended to
constitute a commitment or an offer to enter into a contract by Portex
Limited or affiliated company.




********************************************************************

This email may contain information which is privileged or confidential. If you are not the intended recipient of this email, please notify the sender immediately and delete it without reading, copying, storing, forwarding or disclosing its contents to any other person
Thank you

Check us out at http://www.syntegra.com

********************************************************************

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.