TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
I agree with George with the following exception:
It depends on the manufacturer of the switch. Some switches are a little
brighter than others.
This type of question needs to include the make and model of the switch and the
firewall hardware to get a better answer.
There are some other options that are dependent on the hardware platform. Like:
If the firewall is on a Nokia platform you get the option of running RealSecure
on one interface of the Nokia.
Ken Stephens, CISSP
Sr. Security Manager
Computer Sciences Corp.
[EMAIL PROTECTED]@iss.net on 08/04/2000 10:30:28 AM
Subject: Re: Switches, Routers & Hubs...oh my..
SGuy,
I think your switch guy is *wrong*. Span a port on each switch, then
plug the span port into a hub, then plug the stealth interface into that
hub.
If that won't work (we are doing it with what looks like same config)
then put RS between the routers and the switches.
George Milliken
farm9.com
Stupid Guy wrote:
>
> Got a few questions:
>
> Our Internet infrastructure looks like:
>
>                        INTERNET
> -------------------------------------------------------
>      |                                      |
>  ----------                            ----------
>  | Router |                            | Router |
>  ----------                            ----------
>      |                                      |
>  ==========                            ==========
>  | Switch |----------------------------| Switch |
>  ==========                            ==========
>      |                                      |
>  ____|_____                            _____|____
> |Checkpoint|                          |Checkpoint|
> | Firewall |------DMZ-----------------| Firewall |
> |__________|                          |__________|
>      |                                      |
>    --------------------------------------------
>                  Internal Network
>
> Anyhow, my issue is that I have these Firewalls Load Balanced, with some
> traffic possibly coming in one firewall and out the other, so I need to
> ensure all of the traffic outside the firewalls gets assessed by one
> RealSecure Network Sensor. (The rest of the above diagram is more
> complicated than I've indicated, so please do not get into NON issues)
>
> My network guys state that I cannot SPAN a port on each Switch into a
> HUB because of cross communication and such. Also, if I plugged each
> SPAN port into another Switch, and SPAN the VLAN, I get only a
> 'Sampling' as it skips from port to port shoveling the traffic to the
> SPAN'd port.
>
> I don't want to necessarily use TAPS on each connection, because then I
> lose the ability to do RESETs...as I would be using the STEALTH
> interface on the mirrored connection.
>
> Any suggestions, comments?
>
> Thanks.
>
> sg
--
Regards,
George Milliken
---------------------------------
farm9, Inc.
Online Intrusion Prevention 24x7
http://www.farm9.com
---------------------------------