Re: Say it ain't so

[jim () coltano stortek com]

Jim - 

It ain't so.  

There should be no reason to change ip addresses on all the stuff currently
in the network.  UNLESS thier plan is to abandon your current IP address
space in favor of one of the private network numbers and do NAT on the
firewall.  And even then you do not have to change the internal addresses.

Sounds like scope creep on the part of the installation team to me.  

Now you may still have to touch every machine to change some things if they
have decided to use socksified processes like telnet, ftp and such.  have
to replace client apps.  Also would need to touch every copy of web browsers
to set up proxying.  





> From owner-firewall-wizards () nfr net Thu Sep 18 15:14 MDT 1997
> From: "Jim Leo" <ADMIN () everett pitt cc nc us>
> To: firewall-wizards () nfr net
> Date:  Wed, 17 Sep 1997 12:43:27 EST5EDT
> Subject: Say it ain't so
>
> Hi All,
>      I've got a meeting with our Firewall Installers on the 29th. Got 
> pulled into as a result of 'centralizing' our computer/technology 
> staff and creation of a helpdesk. The upshot is this. We have been 
> apprised by one of the staff (Originally selected 
> installation/Firewall) and was told that every device behind the 
> firewall would have to 'be touched' for anything to work. It almost 
> sounds like a complete rework of the network setup/standard. We were 
> told that all IP addresses would have to be changed. Somehow I get 
> the impression that this is the installers idea, and I'm not quite 
> willing to by into it. I feel that it should be possible to 'plug-in' 
> any properly configured firewall (with the exception of the proxies) 
> and not have to reconfigure machines. 
>      Am I wrong?
> Jim Leo
> admin () everett pitt cc nc us
>
>