On Thu, 7 Feb 2002, luis wrote:

> Hi, I have been told that in order to keep the different company
> departments "isolated" from each other (but everyone accessing internet), I
> have to use subnetting. After reading some books and articles, I
> haven't found any reference (one indirect but not useful). But I think that
> I need firewalls to do the job. So I'm asking for some light, reference to
> article, experience, book... whatever.

You'll need to subnet to get your address space ready for firewalls or
filter rules on your routers. The biggest issue is going to be access to
shared resources like file servers in a data center. If you've got a
relatively conservative Internet access policy and you're using a proxy
server, then that piece is easier; if you're allowing almost anything out
and you're using a packet filter, then you'll have to allow many more
addresses to be routed through the interconnecting networks.

I generally map out a transit network in this scenario that different
internal subnets are allowed to pass traffic originating in their subnet
out to, and hang the servers off the backbone as their own subnet/zone, as
well as a proxy server for Internet access. I also tend to limit what can
go back into a subnet.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
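
Added example, not part of the original message: a small Python model of the zone layout the reply describes (department subnets, a server zone and a proxy off the backbone), used to audit flow records against it. The address plan, the zone names, the sample flows and the strict "replies only" rule for traffic going back into a department are all assumptions made for illustration.

```python
import ipaddress

# Constructed address plan (assumption): one subnet per zone.
ZONES = {
    "sales":       ipaddress.ip_network("10.10.1.0/24"),
    "engineering": ipaddress.ip_network("10.10.2.0/24"),
    "servers":     ipaddress.ip_network("10.10.250.0/24"),  # shared file servers
    "proxy":       ipaddress.ip_network("10.10.251.0/24"),  # Internet proxy
}
DEPARTMENTS = {"sales", "engineering"}

def zone_of(addr):
    """Map an address to its zone; anything outside the plan is 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def allowed(src, dst, established=False):
    """Decide whether a packet may cross the transit network."""
    if established:
        # A reply is fine only if the flow it answers was allowed to open.
        return allowed(dst, src)
    s, d = zone_of(src), zone_of(dst)
    if s in DEPARTMENTS:
        # Departments may originate traffic to shared servers and the proxy,
        # never to another department and never straight to the Internet.
        return d in ("servers", "proxy")
    if s == "proxy":
        return d == "internet"
    return False  # nothing else opens new connections, least of all into a department

def violations(flows):
    """Return the flow records that the policy would have dropped."""
    return [f for f in flows if not allowed(*f)]

# Constructed flow records: (source, destination, established)
SAMPLE_FLOWS = [
    ("10.10.1.5",    "10.10.250.20", False),  # sales -> file server
    ("10.10.250.20", "10.10.1.5",    True),   # file server reply
    ("10.10.1.5",    "10.10.2.7",    False),  # sales -> engineering
    ("10.10.2.7",    "198.51.100.9", False),  # engineering bypassing the proxy
    ("10.10.251.10", "198.51.100.9", False),  # proxy -> Internet
]

if __name__ == "__main__":
    for flow in violations(SAMPLE_FLOWS):
        print("would be dropped:", flow)
```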
