Firewall Wizards mailing list archives

Re: Firewall-1 and Frame relay interfaces


From: Ryan Russell <ryan () securityfocus com>
Date: Tue, 5 Jun 2001 09:22:35 -0600 (MDT)

On Mon, 4 Jun 2001, Dawes, Rogan (ZA - Johannesburg) wrote:

> I am trying to help a customer design a firewall solution for a frame relay
> network. They operate their own Frame Relay switches, and would like to have
> a way to securely allow traffic to cross PVCs.
>
> One solution that was proposed involved a number of individual routers with
> Frame Relay interfaces, connected to the switch (one for each PVC). Those
> routers each have an Ethernet interface, which connects to a Firewall-1 with
> 2 or more Quad Fast Ethernets (we're talking about 8 or more PVC's to be
> connected/controlled)

What is the threat that they are trying to protect against?  Usually with
frame, it's worry that the frame provider will have a malicious employee,
or screw up the config, making the frame network no longer private.  The
solution to that is to VPN across the frame links.

What you're talking about implies that there is no trust between the
various frame endpoints, though.  Some sort of partner network, perhaps?

If that is indeed what you want, then if the firewalling features of your
router won't cut it, a Nokia isn't a bad router for a firewall...

I don't know the answer to your in-and-out routing question.

                                Ryan


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

