RE: Sonicwall Soho2

Thu, 10 Jan 2002 02:05:06 -0800 

I feel this goes along with what you say

        [...]It is different from most 'conventional' firewalls, in that
it does not perform 'routing' (unless you turn on the NAT features). It
is actually more of a 'switch' type of device, which uses a form of
stateful packet inspection and a rules engine to determine whether to
forward packets from one port (a LAN port) to the other port (a WAN
port).[...]

It is an extract from http://www.sans.org/y2k/firewall.htm


F.


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: jeudi 10 janvier 2002 10:14
To: [EMAIL PROTECTED]
Subject: RE: Sonicwall Soho2


> From: ext Dave Crocker [mailto:[EMAIL PROTECTED]]
> At 10:56 AM 1/9/2002 +0200, [EMAIL PROTECTED] wrote:
> >Well, first thing to understand is that Sonicwall is 
> transparent bridge
> >not a router.
> The Sonicwall Soho (not 2) that I have had for a couple of years is a 
> router.  It also does NAT and a set of firewall filtering functions.
> 
> The device is definitely not a bridge.  That is, it very 
> clearly works at 
> the IP level, rather than at layer 2.

Lets not confuse these things over here.

1. Sonicwall is a bridge. (at least dmz and wan interfaces are in same
subnet, in non NAT configuration also lan)
2. Sonicwall is filtering traffic based on layer 3 information.
3. Sonicwall has ip address for management functionality. (so it's
present also on layer 3)
4. Sonicwall has limited capability acting as a router in NAT
configuration but it is not a router (it is probably just doing source
and destination NAT to connections).
5. Sonicwall can emulate router functionality by sending ICMP redirects

The difference between routing firewall and bridging firewall is that
routing firewall is configured as a gateway to all network segments
connected to it. Bridging firewall is relaying traffic on Layer 2.

So from layer 3 perspective clients are sending traffic to routing
firewall but in the case of bridge it is just flowing through (or not,
depending on the installed policy).

rgds,
Harri

(And Sonicwall doesn't mention this on their website, which could be
quite confusing)
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls

Reply via email to