TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
SGuy,
I think your switch guy is *wrong*. Span a port on each switch, then
plug the span port into a hub, then plug the stealth interface into that
hub.
If that won't work (we are doing it with what looks like the same config)
then put RS between the routers and the switches.
George Milliken
farm9.com
Stupid Guy wrote:
>
> Got a few questions:
>
> Our Internet infrastructure looks like:
>
>                        INTERNET
> -------------------------------------------------------
>      |                                      |
>  ----------                            ----------
>  | Router |                            | Router |
>  ----------                            ----------
>      |                                      |
>  ==========                            ==========
>  | Switch |----------------------------| Switch |
>  ==========                            ==========
>      |                                      |
>  ____|_____                            _____|____
> |Checkpoint|                          |Checkpoint|
> | Firewall |------DMZ-----------------| Firewall |
> |__________|                          |__________|
>      |                                      |
>    --------------------------------------------
>                  Internal Network
>
> Anyhow, my issue is that I have these Firewalls Load Balanced, with some
> traffic possibly coming in one firewall and out the other, so I need to
> ensure all of the traffic outside the firewalls gets assessed by one
> RealSecure Network Sensor. (The rest of the above diagram is more
> complicated than I've indicated, so please do not get into NON issues)
>
> My network guys state that I cannot SPAN a port on each Switch into a
> HUB because of cross communication and such. Also, if I plugged each
> SPAN port into another Switch, and SPAN the VLAN, I get only a
> 'Sampling' as it skips from port to port shoveling the traffic to the
> SPAN'd port.
>
> I don't want to necessarily use TAPS on each connection, because then I
> lose the ability to do RESETs...as I would be using the STEALTH
> interface on the mirrored connection.
>
> Any suggestions, comments?
>
> Thanks.
>
> sg
--
Regards,
George Milliken
---------------------------------
farm9, Inc.
Online Intrusion Prevention 24x7
http://www.farm9.com
---------------------------------