Security Basics mailing list archives
RE: Firewall positioning in Large Network
From: "Hargiss, Jeff" <Jeff.Hargiss () anheuser-busch com>
Date: Wed, 20 Jun 2007 14:48:11 -0500
i am going to make some assumptions:

1. your internet connection is through your access switch
2. you are trying to protect your network from the internet
3. your access switch connects to your core switch
4. you are using layer 3 (iso model) switching (fast routing, as opposed to layer 2 switching ((which is not routing))).

in that case:

FIREWALL --> ACCESS SWITCH --> CORE SWITCH

the only thing that touches the core switches are other switches [access, server, user, distribution] switches. no users or servers touch the core directly. no outside links touch the core directly.

many large networks/companies use firewalls internally also. [between sensitive networks on the access switches]

in the "real world" you will see a mix of many things, a lot depends upon the requirements & resources available.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mubin Shaikh
Sent: Wednesday, June 20, 2007 6:34 AM
To: security-basics () securityfocus com
Subject: Firewall positioning in Large Network

Hi,

Question - What is the best logical placement for firewall in large network? If I have 3000+ user organisation with both core and access switch available, will I connect my firewall to core switch or access switch? and why?

Thanks
-Mubin
Current thread:
- Firewall positioning in Large Network Mubin Shaikh (Jun 20)
- Re: Firewall positioning in Large Network Ansgar -59cobalt- Wiechers (Jun 20)
- RE: Firewall positioning in Large Network Hargiss, Jeff (Jun 20)
- RE: Firewall positioning in Large Network David Gillett (Jun 20)
- RE: Firewall positioning in Large Network Steve Armstrong (Jun 20)
- RE: Firewall positioning in Large Network Mubin Shaikh (Jun 22)
- RE: Firewall positioning in Large Network Jesse Eaton (Jun 22)
- RE: Firewall positioning in Large Network Mubin Shaikh (Jun 22)
- RE: Firewall positioning in Large Network Hesham Sabry (Jun 20)
- Re: Firewall positioning in Large Network Brian Laing (Jun 28)
- <Possible follow-ups>
- Re: Re: Firewall positioning in Large Network evilwon12 (Jun 20)