Firewall Wizards mailing list archives

OSI and firewalls


From: Latenser James <jpl3282 () me00 KCPL com>
Date: Thu, 12 Feb 1998 10:07:36 -0600

  On one of our TCP/IP network segments we have some NT machines which
pass data through a SUN based firewall to a Frame Relay router connected
to an external private (non-Internet) network.  A limited number of
internal IP addresses and services have been allowed to pass through the
firewall to send data to machines in that external private network.  A
new application to replace this existing IP based version is coming
in-house but uses OSI. This new application will run on those same NT
servers and they have had an OSI stack installed. The firewall does not
have an OSI stack thus no OSI packets are passed through from the NT
machines.  

We are new to OSI and not familiar with any of its potential
issues/vulnerabilities.  We have been told under OSI you can only filter
on source and destination address, but even then may not be able to tell
which end initiated the conversation.  We know we could implement OSI on
a Cisco in "parallel" with the firewall and utilize access lists but are
not comfortable with not being able to filter the virtual terminal,
FTAM, mail, etc. services in OSI.

Thoughts or pointers would be appreciated.

Jim   jpl3282 () kcpl com


