Have you experimented with having VLAN support on the Sun boxes? This should allow
you to see each VLAN as a separate 'adapter' on the Sun box.
Bill Husler wrote:
> We have mandated that networks on different sides of firewalls be physically isolated,
> but allow networks of a similar nature (multiple DMZs) to reside on common hardware
> (single switch) so long as the traffic must flow through the firewall to move from one
> network to the other (multiple VLANs, no routers). Due to technical restrictions in our
> current environment (Sun firewalls, Cisco 55k switches), some of these common switch
> environments require multiple NICs on the firewall (one for each VLAN). In an effort to
> reduce the number of NICs required, our networking folks have suggested that we use
> routers and take advantage of a feature called "route mapping" to force the traffic
> through the firewalls. I am concerned that the use of routers and "route mapping" to
> separate the traffic may be significantly lowering the bar from no router between
> multiple VLANs, but thought I should check with a suitably paranoid group of Firewall
> engineers and see if there are any suggestions or ideas from this group.
> Bill
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================