Firewall Wizards mailing list archives
OSI and firewalls
From: Latenser James <jpl3282 () me00 KCPL com>
Date: Thu, 12 Feb 1998 10:07:36 -0600
On one of our TCP/IP network segments we have some NT machines which pass data through a SUN based firewall to a Frame Relay router connected to an external private (non-Internet) network. A limited number of internal IP addresses and services have been allowed to pass through the firewall to send data to machines in that external private network.

A new application to replace this existing IP-based version is coming in-house but uses OSI. This new application will run on those same NT servers and they have had an OSI stack installed. The firewall does not have an OSI stack, thus no OSI packets are passed through from the NT machines.

We are new to OSI and not familiar with any of its potential issues/vulnerabilities. We have been told under OSI you can only filter on source and destination address, but even then may not be able to tell which end initiated the conversation. We know we could implement OSI on a Cisco in "parallel" with the firewall and utilize access lists but are not comfortable with not being able to filter the virtual terminal, FTAM, mail, etc. services in OSI. Thoughts or pointers would be appreciated.

Jim
jpl3282 () kcpl com