Firewall Wizards mailing list archives

Re: Netscreen interface question

From: Yang Lee <ylee () net50 com>
Date: Wed, 29 Aug 2001 20:57:54 -0400 (EDT)

The limit of interfaces in NS is going to be solved in NS-500 with
multiple interface modules. This feature is going to be implemented in
next screenos release, according to their product manager, which is a
couple months down the road (version 3.0).

Currently, Netscreen do have solutions for multiple dmz support - virtual
system. Basically, Netscreen 100 and above are capable of level 2 vlan
switching. So that the NS interface can be virtually divided into multiple
interface by packet tagging. Notice the catch here is, the virtual system
is as secure as the vlan can be, which is acceptable by most 
practice standards.

In your situation, you will need a (pair of) NS with proper licensing from
Netscreen ($$ for xxVSs), and a matching switch capable of VLANs between
your firewall and routers (do i mention Extreme gears?).

Hope this help. Good luck.


############################################
#Yang Lee                                  #
#Sr. Internet Security Engineer, Net2phone #
#Tel. 973-412-3556                         #
#Email. ylee () net2phone com                 #
#                                          #
#                                          #
#Disclaimer:                               #
#My opinion here does not represent my     #
#employer in any way                       #
#                                          #
############################################

On Wed, 29 Aug 2001, Michael Condren wrote:


Hi,

We are thinking of purchasing a Netscreen product to act a central firewall 
for all traffic in and out of our site.  Currently there are 4 routers used 
for traffic.  One for Internet access, the other three are used for 
communication with other sites over leased lines.  Netscreen firewalls only 
have three interfaces per box.  Is it possible to use the Netscreen as a 
firewall between our site and the other site when there are only 3 
interfaces on the firewall and four router LAN interfaces?  Can you route 
traffic to go in through one interface (router1->firewall int1) and out 
through the same interface (firewall int1 -> router1)?

Thanks


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Netscreen interface question Michael Condren (Aug 29)
- Re: Netscreen interface question Yang Lee (Aug 31)
- <Possible follow-ups>
- RE: Netscreen interface question Mayers, Philip J (Aug 31)