On Mon, 19 Nov 2001, Matt Gorham wrote:

> I have two remote offices and our main office. Netscreen 5xp is located at
> the main office, remote offices are connected via 56k and 128k line to the
> untrusted port on the firewall. How would I make all internet and email
> traffic pass through the firewall before going out to the internet?
>
>
>   remote                            remote
> cisco 1005                        cisco 1005
>     |                                 |
>     | 128k                        56k |
>     |                                 |
>     |                                 |
> Main office cisco
> 1005<---------------------------->Internet
>     |
>     |
>     |
> netscreen
> 5xp
>
> Matthew Gorham
> MCSE, CCA, CNA, MCP+I, A+
> Systems Administrator

You might want to put a basic ACL on the main office 1005, and create a policy that prevents the subnets of the remote office from connecting directly to the internet, but instead only allows them to talk to an application proxy on the same subnet as the netscreen firewall. You would then allow internet traffic to communicate with a proxy. The application proxy could also have an SMTP relay.

--truman

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
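
The ACL suggested in the reply, sketched as an added example that is not part of the original thread: the IOS-style lines are checked by a small first-match evaluator so the policy's effect on sample flows is visible. The remote subnets, the proxy address 192.0.2.10, proxy port 8080 and the helper names `parse` and `check` are constructed assumptions, and the evaluator handles only this subset of extended ACL syntax.

```python
import ipaddress

# Constructed addressing (assumptions, not from the thread): remote offices
# 10.1.1.0/24 and 10.1.2.0/24; proxy and SMTP relay 192.0.2.10; proxy on TCP 8080.
# Assumed placement: inbound on the main 1005 interface facing the remote offices.
ACL = """\
access-list 110 permit tcp 10.1.1.0 0.0.0.255 host 192.0.2.10 eq 8080
access-list 110 permit tcp 10.1.1.0 0.0.0.255 host 192.0.2.10 eq 25
access-list 110 permit tcp 10.1.2.0 0.0.0.255 host 192.0.2.10 eq 8080
access-list 110 permit tcp 10.1.2.0 0.0.0.255 host 192.0.2.10 eq 25
access-list 110 deny ip any any
"""

def _addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.ip_address(tokens.pop(0)))
    prefix = 32 - bin(wildcard).count("1")  # contiguous wildcard masks only
    return ipaddress.ip_network(f"{first}/{prefix}")

def parse(acl_text):
    """Turn extended ACL lines into (action, proto, src, dst, port) tuples."""
    rules = []
    for line in acl_text.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list":
            continue
        rest = t[4:]
        src, dst = _addr(rest), _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((t[2], t[3], src, dst, port))
    return rules

def check(rules, proto, src, dst, dport):
    """First matching rule wins; an unmatched packet hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if s in r_src and d in r_dst and r_port in (None, dport):
            return action
    return "deny"

RULES = parse(ACL)
```

With these rules a remote client reaches the web and mail only through the proxy and relay; a direct connection to an internet host falls through to the final deny.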
