Firewall Wizards mailing list archives
Re: Firewall-1 and Frame relay interfaces
From: Ryan Russell <ryan () securityfocus com>
Date: Tue, 5 Jun 2001 09:22:35 -0600 (MDT)
On Mon, 4 Jun 2001, Dawes, Rogan (ZA - Johannesburg) wrote:
I am trying to help a customer design a firewall solution for a frame relay network. They operate their own Frame Relay switches, and would like to have a way to securely allow traffic to cross PVCs. One solution that was proposed involved a number of individual routers with Frame Relay interfaces, connected to the switch (one for each PVC). Those routers each have an Ethernet interface, which connects to a Firewall-1 with 2 or more Quad Fast Ethernets (we're talking about 8 or more PVC's to be connected/controlled)
What is the threat that they are trying to protect against? Usually with frame, it's worry that the frame provider will have a malicious employee, or screw up the config, making the frame network no longer private. The solution to that is to VPN across the frame links. What you're talking about implies that there is no trust between the various frame endpoints, though. Some sort of partner network, perhaps? If that is indeed what you want, then if the firewalling features of your router won't cut it, a Nokia isn't a bad router for a firewall... I don't know the answer to your in-and-out routing question. Ryan _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Firewall-1 and Frame relay interfaces Dawes, Rogan (ZA - Johannesburg) (Jun 04)
- Re: Firewall-1 and Frame relay interfaces Crist Clark (Jun 05)
- Re: Firewall-1 and Frame relay interfaces Ryan Russell (Jun 05)
- <Possible follow-ups>
- RE: Firewall-1 and Frame relay interfaces Dawes, Rogan (ZA - Johannesburg) (Jun 06)