T, good catch. as usual the 'kiss' principle works again.
gee,,,this proxy stuff soundz really familiar... btw,,rsvp off the list regardz to bankruptcy proceeding against pilot...if you've anything at all. Matt, also,,,though it probably goes without saying if the remotes have alternate Internet access via d/up broadband,,,etc,,,,from machines connected to your routers then all your efforts will be for nothing... your overall CORPORATE info protection policy .. MUST .. discourage independant activity of this sort. uhhh, i forgot what was the password for your 1005 again... just joking... piranha.. ********************************************************** professionals built the titanic (Micro$oft, Bill Gates). amateurs built the ark (Linux, Torvalds, et al) ********************************************************** >From: Truman Boyes <[EMAIL PROTECTED]> >To: Matt Gorham <[EMAIL PROTECTED]> >CC: [EMAIL PROTECTED] >Subject: Re: all traffic though firewall >Date: Mon, 19 Nov 2001 14:07:05 -0500 (EST) > >On Mon, 19 Nov 2001, Matt Gorham wrote: > > > I have two remote offices and our main office. Netscreen 5xp is located >at > > the main office, remote offices are connected via 56k and 128k line to >the > > untrusted port on the firewall. How would i make all internet and email > > traffic pass through the firewall before going out to the internet. > > > > > > remote remote > > cisco 1005 cisco 1005 > > | | > > | 128k 56k | > > | | > > | | > > Main office cisco > > 1005<---------------------------->Internet > > | > > | > > | > > netscreen > > 5xp > > > > > > > > > > Matthew Gorham > > MCSE, CCA, CNA, MCP+I, A+ > > Systems Administrator > >You might want to put a basic acl on the main office 1005, and create a >policy that prevents the subnets of the remote office from connecting >directly to the internet, but instead only allows them to talk to a >application proxy on the same subnet as the netscreen firewall. You would >then allow internet traffic to communicate with a proxy. The application >proxy could also have an SMTP relay. > >--truman > > >_______________________________________________ >Firewalls mailing list >[EMAIL PROTECTED] >http://lists.gnac.net/mailman/listinfo/firewalls _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
