Firewall Wizards mailing list archives

Re: Real Traffic Testing


From: John Adams <jna () retina net>
Date: Fri, 24 Oct 2003 14:47:39 -0700 (PDT)


- Get traffic from OUTSIDE to INSIDE using TAP-1
- Get traffic from INSIDE to OUTSIDE using TAP-2

This looks like asymmetric routing to me, and I don't see how you're going 
to make this work.

Are these stateful firewalls? How are the two firewalls going to share the 
state table for inbound/outbound packets and handle them correctly? 

The problems:
- The traffic is directed to the MAC address of FW, so FW-test will drop it;

Well, the packets are rewritten by your outside router on the way in, and 
the router isn't going to know which firewall handled the transaction. 

Have you some idea to get the objectives?

You can't make this work unless the firewalls are in some sort of active, 
redundant configuration, with exactly the same configurations and shared 
state tables.

 -john

-- 
J. Adams                                        http://www.retina.net/~jna


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
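
The point made in the reply above, as an added example that is not part of the original message: a toy model of two stateful firewalls where the outbound and return halves of a TCP handshake cross different boxes, first with independent state tables and then with a shared one. The names FW and FW-test come from the thread; the addresses, ports, allow-outbound policy and the `StatefulFirewall` class are constructed assumptions.

```python
# Added illustration: toy model of two stateful firewalls on asymmetric paths.
# Addresses, ports and the allow-outbound policy are constructed assumptions.

def flow_key(pkt):
    """Direction-independent key for a TCP flow."""
    src, sport, dst, dport, _flags = pkt
    return frozenset({(src, sport), (dst, dport)})

class StatefulFirewall:
    def __init__(self, name, state=None, inside_prefix="10."):
        self.name = name
        self.inside_prefix = inside_prefix
        # Passing the same dict to two firewalls models a shared state table.
        self.state = {} if state is None else state

    def handle(self, pkt):
        src, _sport, _dst, _dport, flags = pkt
        key = flow_key(pkt)
        if flags == "S" and src.startswith(self.inside_prefix):
            self.state[key] = "SYN_SENT"      # new outbound connection: allowed
            return "pass"
        if key in self.state:                 # packet belongs to a tracked flow
            if flags == "SA":
                self.state[key] = "ESTABLISHED"
            return "pass"
        return "drop"                         # no matching state: rejected

def handshake(outbound_fw, inbound_fw):
    """SYN and ACK go via outbound_fw, SYN-ACK via inbound_fw; stop at first drop."""
    client, server = ("10.0.0.5", 40000), ("192.0.2.10", 443)
    steps = [
        (outbound_fw, (*client, *server, "S")),
        (inbound_fw, (*server, *client, "SA")),
        (outbound_fw, (*client, *server, "A")),
    ]
    verdicts = []
    for fw, pkt in steps:
        verdicts.append((fw.name, pkt[4], fw.handle(pkt)))
        if verdicts[-1][2] == "drop":
            break
    return verdicts

def scenarios():
    shared = {}
    return {
        "independent": handshake(StatefulFirewall("FW"), StatefulFirewall("FW-test")),
        "shared": handshake(StatefulFirewall("FW", shared), StatefulFirewall("FW-test", shared)),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```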

