Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] VPN vs Firewall - Your Thoughts

To: [email protected]
Subject: Re: [FW-1] VPN vs Firewall - Your Thoughts
From: "Barber, Jeff @ CKE" <[email protected]>
Date: Wed, 8 May 2002 10:31:53 -0700
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Title: RE: [FW-1] VPN vs Firewall - Your Thoughts

I greatly appreciate all the responses to my question. You guys have cleared this up for me and now I am able to explain the pros and cons for placing the VPN outside or behind the firewall to my management.

From a network design perspective, I think having the VPN IPSEC traffic come thru the firewall to a CISCO VPN device, then the unencrypted CISCO traffic will be forwarded back to the firewall for filtering on a different interface. The firewall will then pass the permitted traffic to the internal network.

My choice in doing it this way with the Cisco's is to cut down on the encrypt/decrypt processing of the firewall.

Thanks Again
-J

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of Barber,
Jeff @ CKE
Sent: Tuesday, May 07, 2002 10:53 AM
To: [email protected]
Subject: [FW-1] VPN vs Firewall - Your Thoughts

Hey All
I am having some mixed thoughts on the difference between a VPN and a
Firewall.
A VPN allows for encrypted traffic to and from 2 or more points. A Firewall
protects networks by allowing or denying packets.
If I have a CISCO to CISCO VPN that does NOT go through a Firewall before
entering the internal network, am I secure?
Some will argue that VPN devices such as CISCO can act as firewalls by
adding ACL's. My stance is that anything entering into the internal network
should go thru my CHECKPOINT Firewalls.
Looking for your professional thoughts and opinions.
J. Barber - ccse,scsa
Information Technology

When I see the sea once more,
would the sea have seen or not seen me?

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] VPN vs Firewall - Your Thoughts
  - From: Chris Jenkins <[email protected]>

Prev by Date: [FW-1]
Next by Date: Re: [FW-1] AudioGalaxy
Previous by thread: Re: [FW-1] VPN vs Firewall - Your Thoughts
Next by thread: Re: [FW-1] VPN vs Firewall - Your Thoughts
Index(es):
- Date
- Thread