Firewall Wizards mailing list archives

Re: private frame relay outside of firewall


From: roger nebel <roger () homecom com>
Date: Sat, 27 Mar 1999 07:28:06 -0500

we see this configuration a lot.  the telco has two or more virtual
frame connections (Private Virtual Circuits or PVCs) on the serial side
of one router.  those PVC's can be to the Internet and/or to other
"private" connections.  note that all the PVC's share the same telco
switching fabric so you should make a decision about whether or not you
need any traffic protection for confidentiality and integrity (normally
encryption aka a VPN).  this one router configuration saves costs for
the telco (and possibly you) since only one router has to be provisioned
and managed.  if you trust the users on the other side of the frame
cloud then you might bring that connection in behind the firewall on a
separate router.  if you don't trust what or who is coming in from the
frame you isolate yourself behind the firewall.  

Geoff Nordli wrote:

Am I missing something about a firewall configuration with private frame
relay?

The layout of the network has the Internet and private frame relay traffic
from other branches going directly into the outside of the firewall.

There is only one connection coming from the router.  The telephone company
designed the network with internet connectivity.

I would think that there should be 2 connections coming in.  1 from the
private frame relay network, which goes behind the firewall. The 2nd coming
in from the Internet, which goes in front of the firewall.

Do you agree with this configuration?

thanks

Geoff Nordli


