Firewall Wizards mailing list archives
RE: private frame relay outside of firewall
From: "Geoff Nordli" <geoff () gnaa net>
Date: Sun, 28 Mar 1999 17:41:34 -0800
I don't really want to filter / proxy traffic coming from the different branches. I guess I trust the telco. I convinced the telephone company to install a new router that has 2 interfaces to allow private frame traffic behind the firewall and then I will have all internet traffic on the outside of the wall. geoff -----Original Message----- From: owner-firewall-wizards () nfr net [mailto:owner-firewall-wizards () nfr net]On Behalf Of roger nebel Sent: Saturday, March 27, 1999 4:28 AM To: Geoff Nordli Cc: Firewall-Wizards (E-mail) Subject: Re: private frame relay outside of firewall we see this configuration a lot. the telco has two or more virtual frame connections (Private Virtual Circuits or PVCs) on the serial side of one router. those PVC's can be to the Internet and/or to other "private" connections. note that all the PVC's share the same telco switching fabric so you should make a decision about whether or not you need any traffic protection for confidentiality and integrity (normally encryption aka a VPN). this one router configuration saves costs for the telco (and possibly you) since only one router has to be provisioned and managed. if you trust the users on the other side of the frame cloud then you might bring that connection in behind the firewall on a separate router. if you don't trust what or who is coming in from the frame you isolate yourself behind the firewall. Geoff Nordli wrote:
Am I missing something about a firewall configuration with private frame relay? The layout of the network has the Internet and private frame relay traffic from other branches going directly into the outside of the firewall. There is only one connection coming from the router. The telephone
company
designed the network with internet connectivty. I would think that there should be 2 connections coming in. 1 from the private frame relay network, which goes behind the firewall. The 2nd
coming
in from the Internet, which goes in front of the firewall. Do you agree with this configuration thanks Geoff Nordli
Current thread:
- private frame relay outside of firewall Geoff Nordli (Mar 26)
- Re: private frame relay outside of firewall roger nebel (Mar 28)
- RE: private frame relay outside of firewall Geoff Nordli (Mar 29)
- <Possible follow-ups>
- RE: private frame relay outside of firewall Copp, Carlton (Mar 29)
- Re: private frame relay outside of firewall roger nebel (Mar 28)