Security Basics mailing list archives
Re: Firewall positioning in Large Network
From: Brian Laing <brian () Redseal net>
Date: Wed, 27 Jun 2007 10:41:19 -0700
Mubin, This is a tough question to answer without a better understanding of your network and the various services running on it. It also comes down to a security methodology of do you want physical or logical separation. For example I prefer to have the perimeter devices as physically separate as possible. I have seen people connect their boarder router, F/W, and dmz severs all onto the same core switch. This just scares me. I typically like the boarder router and fw on one smaller switch and dmz on a second, then core on a 3rd. Not all environments can due this. you may want to take a look at our website http://www.redseal.net I would be happy to hook you up with a demo of our software, I would even do a webex once you have it up and running to help you with this question. Let me know if your interested. Cheers, Brian -------------------------------------------------------------------- Brian Laing Chief Security Officer Cellphone: +1 650.280.2389 Office: +1 (888) 845-8169 Ext. 805 Email: brian () redseal net Redseal Systems http://www.redseal.net Instant Visibility. Threats Averted. ------------------------------------------------------------------- From: Mubin Shaikh <mubines () yahoo com> Date: Wed, 20 Jun 2007 04:34:04 -0700 (PDT) To: <security-basics () securityfocus com> Subject: Firewall positioning in Large Network Resent-From: <security-basics-return-44888 () securityfocus com> Resent-Date: Wed, 20 Jun 2007 11:28:53 -0600 (MDT) Hi, Question - What is the best logical placement for firewall in large network? If I have 3000+ user organisation with both core and access switch available, will i connect my firewall to core switch or access switch ? and why ? Thanks -Mubin ____________________________________________________________________________ ________ Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel and lay it on us. http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
Current thread:
- Firewall positioning in Large Network Mubin Shaikh (Jun 20)
- Re: Firewall positioning in Large Network Ansgar -59cobalt- Wiechers (Jun 20)
- RE: Firewall positioning in Large Network Hargiss, Jeff (Jun 20)
- RE: Firewall positioning in Large Network David Gillett (Jun 20)
- RE: Firewall positioning in Large Network Steve Armstrong (Jun 20)
- RE: Firewall positioning in Large Network Mubin Shaikh (Jun 22)
- RE: Firewall positioning in Large Network Jesse Eaton (Jun 22)
- RE: Firewall positioning in Large Network Mubin Shaikh (Jun 22)
- RE: Firewall positioning in Large Network Hesham Sabry (Jun 20)
- Re: Firewall positioning in Large Network Brian Laing (Jun 28)
- <Possible follow-ups>
- Re: Re: Firewall positioning in Large Network evilwon12 (Jun 20)