Firewalling between T-1's, an ATM switch and a switched office

[Steven Ackerman <ackerman_steven () yahoo com>]

Greetings,

I work for a small network consulting firm. Security
has not been researched or applied much prior to my
arrival. I am trying to change that, although I have
limited understanding and less experience.

The person I work for directly is trying to setup a
Watchguard box with content filtering between two
switches and 4 t-1 lines. The setup is as follows:

ATM switch with one incoming internet connection, 4
t-1's on the inside (each goes to a different school),
2 Ethernet ports. One ethernet (eth 0) port has a
cisco switch which connects another office. The second
(eth1) ethernet port connects a watchgaurd box. The
Watchgaurd box has 3 ethernet ports on it.

My boss wants to route incoming traffic through the
Eth0 port to the switch and then to the watchgaurd box
and to the appropriate t-1/school and visa verse
(sp?). It looks to me like this bypasses the firewall.

Can this work through ACL's at the ATM switch. Is this
unsafe. How can I explain this is unsafe to an admin
that doesn't see how it is unsafe when he can use
ACL's on source and destination IP's and ports?

Any help would be appreciated. Although I've followed
this and the other firewalls list's (and all the
infosec god's I know of) for years, I'm very new to
all this. This is my first hands on exposure to
security. 

-Steve



__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards