I've got a client that has two sites, each with a firewall installed
(CheckPoint FW-1) and they want to implement a VPN between the sites. They
do NOT want to use FW-1, for reasons I've yet to determine...but instead
want to install a small VPN appliance from Compatible Systems at each site.
The client has an architectural layout in mind, where the Compatible Systems
VPN boxes will sit next to FW-1, using a completely separate, parallel path.
They have fractional T1 service at each site and want to connect the router
to a small hub. Then they want to connect FW-1 and the VPN box to the hub
and provide dual, parallel pathways into their network.
I don't like the idea of bypassing the firewall at all... I tried to
explain that a pathway around the firewall sort of defeats the whole purpose
of having the firewall in the first place, but the client insists this is
the desired configuration. They feel safe in the security provided on the
theory that the VPN box will not allow anything but authenticated VPN users
and remote sites anyway, so it doesn't really pose a security risk.
I've never heard of setting up this type of pathway around the firewall, yet
the client insists it is a common configuration used by many companies. In
fact, it was the observation of this type of configuration at another
company that sold the client on setting up the same thing.
Have any of you set up such a configuration before? Is it really as common
as this client would have me believe? As soon as I saw the drawing on the
board, red flags went up like crazy. It just doesn't look right at
all...but I wanted to ask for opinions and/or comments here.