Security Basics mailing list archives

RE: Firewall positioning in Large Network


From: "Hargiss, Jeff" <Jeff.Hargiss () anheuser-busch com>
Date: Wed, 20 Jun 2007 14:48:11 -0500

I am going to make some assumptions:

1. your internet connection is through your access switch
2. you are trying to protect your network from the internet
3. your access switch connects to your core switch
4. you are using layer 3 (iso model) switching (fast routing, as opposed to
layer 2 switching ((which is not routing))).

in that case:

FIREWALL --> ACCESS SWITCH --> CORE SWITCH 

the only things that touch the core switches are other [access,
server, user, distribution] switches.
no users or servers touch the core directly.
no outside links touch the core directly.

many large networks/companies use firewalls internally also.
[between sensitive networks on the access switches]

in the "real world" you will see a mix of many things, a lot depends upon the
requirements & resources available.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Mubin Shaikh
Sent: Wednesday, June 20, 2007 6:34 AM
To: security-basics () securityfocus com
Subject: Firewall positioning in Large Network

Hi,

Question - 

What is the best logical placement for a firewall in a large network?

If I have a 3000+ user organisation with both core and access switches available,
will I connect my firewall to the core switch or the access switch? And why?

Thanks
-Mubin
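
The placement rules from the reply above (firewall in front of the access switch, only switches touching the core) can be checked against a link inventory. This is an added example, not part of the original thread; the device names, role labels and link lists are constructed for illustration.

```python
from collections import defaultdict, deque

# Roles the reply allows to touch a core switch (core-to-core links assumed OK).
SWITCH_ROLES = {"core", "access", "server", "user", "distribution"}

def adjacency(links):
    """Build an undirected adjacency map from (device, device) cable pairs."""
    adj = defaultdict(set)
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    return adj

def core_violations(roles, links):
    """(core, peer) pairs where a non-switch is cabled directly to a core switch."""
    adj = adjacency(links)
    return sorted(
        (core, peer)
        for core, role in roles.items() if role == "core"
        for peer in adj[core] if roles[peer] not in SWITCH_ROLES
    )

def firewall_bypass(roles, links, outside="internet"):
    """Devices reachable from the outside without crossing any firewall."""
    adj, seen, queue = adjacency(links), {outside}, deque([outside])
    while queue:
        for peer in adj[queue.popleft()]:
            # Never traverse through a firewall: it is the enforcement point.
            if peer not in seen and roles[peer] != "firewall":
                seen.add(peer)
                queue.append(peer)
    return sorted(seen - {outside})

# Constructed sample inventory: FIREWALL --> ACCESS SWITCH --> CORE SWITCH
ROLES = {
    "internet": "outside", "fw1": "firewall", "acc1": "access",
    "core1": "core", "dist1": "distribution", "usr1": "user",
    "srv1": "server", "pc1": "host", "db1": "host",
}
GOOD_LINKS = [("internet", "fw1"), ("fw1", "acc1"), ("acc1", "core1"),
              ("core1", "dist1"), ("dist1", "usr1"), ("usr1", "pc1"),
              ("core1", "srv1"), ("srv1", "db1")]
# Two mistakes: a server patched into the core, and an outside link on the core.
BAD_LINKS = GOOD_LINKS + [("core1", "db1"), ("internet", "core1")]

if __name__ == "__main__":
    for name, links in (("good", GOOD_LINKS), ("bad", BAD_LINKS)):
        print(name, core_violations(ROLES, links), firewall_bypass(ROLES, links))
```

An empty result from both functions means the inventory matches the layout described in the reply.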


 