Firewall Wizards mailing list archives

RE: vpn end-point


From: Frederick M Avolio <fred () avolio com>
Date: Fri, 19 Mar 2004 11:48:01 -0500

At 08:40 AM 3/19/2004 -0500, Dave Piscitello wrote:
I am surprised no one mentioned that terminating VPN at the firewall lets you distinguish VPN traffic from all other traffic routed through the firewall (without topological or addressing finagling), and protects VPN traffic to the security policy enforcement point, e.g., across the "DMZ" you have between the router and firewall (unless the router-firewall link is a crossover cable, it's a network, and I've seen people throw IDS/IPS, performance analysis devices, and gee, how about a web server there - and that's only the list of systems they learn about).

Which begs the question: How many of you with firewall/VPN combinations can and do configure the VPN to functionally terminate before the firewall?

Some firewall/VPN boxes assume no firewalling for VPN connections. I.e., if you are authenticated, you are in.


f
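The two positions in this exchange (terminate the tunnel at the enforcement point so VPN traffic can be told apart and filtered, versus "authenticated, therefore in") can be shown side by side with a small policy model. The following is an added illustration, not code from the thread or from any product mentioned in it; every address, port and packet is a constructed sample, and the rule names and network ranges are assumptions chosen for the example. Tagging decrypted packets as VPN traffic and then applying a narrower rule base to them is the same idea the Linux `-m policy --dir in --pol ipsec` match is used for, but the evaluator here is a toy, not that implementation.

```python
"""
Added example (not from the firewall-wizards thread): a toy policy engine
contrasting two ways a combined firewall/VPN box can treat traffic that
arrives through an authenticated VPN tunnel.

  - authenticated_is_in:    once the tunnel is up, everything from the remote
                            peer is accepted (the behaviour Fred describes).
  - terminate_then_filter:  the tunnel is terminated at the enforcement
                            point, decrypted packets are tagged as VPN
                            traffic, and that tag selects a narrower rule set
                            than the one applied to plain inbound traffic.

All addresses, ports, rule names and packets are constructed sample values.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    from_vpn: bool = False          # set by the VPN terminator after decryption
    vpn_user: Optional[str] = None  # peer identity from IKE / certificate, if any


@dataclass(frozen=True)
class Rule:
    name: str
    src_net: str
    dst_net: str
    dports: frozenset            # empty set means "any port"
    action: str                  # "accept" or "drop"
    vpn_only: bool = False       # rule applies only to decrypted VPN traffic

    def matches(self, p: Packet) -> bool:
        if self.vpn_only and not p.from_vpn:
            return False
        return (ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and (not self.dports or p.dport in self.dports))


# Assumed internal layout: VPN peers are assigned 10.200.0.0/24, servers live in 10.1.0.0/24.
VPN_POOL = "10.200.0.0/24"
INTERNAL = "10.1.0.0/24"

# Narrow rule set for VPN traffic: mail relay and an internal web app only,
# then an explicit drop for anything else arriving through the tunnel.
RULES = [
    Rule("vpn-smtp", VPN_POOL, "10.1.0.25/32", frozenset({25, 587}), "accept", vpn_only=True),
    Rule("vpn-intranet", VPN_POOL, "10.1.0.80/32", frozenset({443}), "accept", vpn_only=True),
    Rule("vpn-default", VPN_POOL, INTERNAL, frozenset(), "drop", vpn_only=True),
    # Plain (non-VPN) inbound traffic towards the internal network: drop it all.
    Rule("inbound-default", "0.0.0.0/0", INTERNAL, frozenset(), "drop"),
]


def evaluate(p: Packet, rules: list) -> str:
    """First-match rule evaluation with an implicit drop if nothing matches."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "drop"


def authenticated_is_in(p: Packet) -> str:
    """Weak model: an authenticated tunnel bypasses the rule base entirely."""
    if p.from_vpn and p.vpn_user is not None:
        return "accept"
    return evaluate(p, RULES)


def terminate_then_filter(p: Packet) -> str:
    """Preferred model: decrypted VPN packets are tagged and still filtered."""
    return evaluate(p, RULES)


# Constructed sample traffic from one authenticated VPN user plus one plain inbound packet.
SAMPLE = [
    Packet("10.200.0.7", "10.1.0.80", 443, from_vpn=True, vpn_user="alice"),  # intranet app: in policy
    Packet("10.200.0.7", "10.1.0.25", 25, from_vpn=True, vpn_user="alice"),   # mail relay: in policy
    Packet("10.200.0.7", "10.1.0.10", 445, from_vpn=True, vpn_user="alice"),  # file server: not in policy
    Packet("203.0.113.9", "10.1.0.80", 443),                                  # same app, not via VPN
]


def compare(packets=SAMPLE) -> list:
    """Return (authenticated_is_in decision, terminate_then_filter decision) per packet."""
    return [(authenticated_is_in(p), terminate_then_filter(p)) for p in packets]


if __name__ == "__main__":
    for p, (weak, strict) in zip(SAMPLE, compare()):
        print(f"{p.src} -> {p.dst}:{p.dport} vpn={p.from_vpn}  "
              f"authenticated-is-in={weak}  terminate-then-filter={strict}")
```

The third sample packet is the one that matters: both models accept the services the policy names, but only the terminate-then-filter model drops the tunnelled connection to a host the policy never mentioned. That difference only exists because the decrypted traffic is visible to the rule base at all, which is Dave's point about where the tunnel ends.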



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

