Re: Say it ain't so

[Sandeep_Talwar () notes pw com]

It all depends as to what is your security policy and how you have to
 implement it( THe security policy ). What services are to be allowed
 to pass throughthe firewall, what are the hosts you wish to hide from
 the Internet( or outside your secured zone) typically your protected 
 LAN for which you have installed the firewall.Do you want NAT for
 your protected hosts. These are the issues to be considered. 
 Does not necessarily mean that all IP addresses have to be changed.
 A typical firewall has rules to be configured as per your security 
 policy of your organization.THe firewall would be the only entry and
 exit for your network with the outside or untrusted network.
 Again your network setup would be as per your security
 policy. This would typically include your mail set up as well and 
 ofcorse this would have to be reconfigured with the Firewall. But again
 it all depends uopn what are your requirements.Hope this helps. 
 Sandeep

> Hi All,
>        I've got a meeting with our Firewall Installers on the 29th. >Got 
> pulled into as a result of 'centralizing' our computer/technology 
> staff and creation of a helpdesk. The upshot is this. We have been 
> apprised by one of the staff (Originally selected 
> installation/Firewall) and was told that every device behind the 
> firewall would have to 'be touched' for anything to work. It almost 
> sounds like a complete rework of the network setup/standard. We were 
> told that all IP addresses would have to be changed. Somehow I get 
> the impression that this is the installers idea, and I'm not quite 
> willing to by into it. I feel that it should be possible to 'plug-in' 
> any properly configured firewall (with the exception of the proxies) 
> and not have to reconfigure machines. 
>       Am I wrong?
> Jim Leo
> admin () everett pitt cc nc us