Not firewalls like a SonicWALL or PIX per se, but packet filtering routers. Any decent router will support basic packet filtering via ACLs; if your routers don't then you need new routers.
But the whole point would be to limit traffic from one branch office to another - if the PCs the tellers use at one branch office don't need to contact the tellers' PCs at another, configure the packet filtering functionality on the router to prevent it. If the tellers' PCs at the branch offices only need to contact *very specific* services on *very specific* servers at HQ, configure the packet filter to allow that and deny anything else from the tellers' PCs to HQ. That's how *I* would read the auditor's recommendation, and it sounds like you've already done at least some of that.

David W. McSpadden wrote:
> At this location we have LANs tied together on an MPLS network which should
> be a VPN with ACLs. Why would you have Firewalls instead of routers?

--
Phil Brutsche
[EMAIL PROTECTED]
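The policy described in this message (branch tellers reach only specific services on specific HQ servers, everything else denied), as an added example that is not part of the original thread: a first-match ACL model that checks a ruleset against the intended flows and shows how one broad permit placed first defeats it. All subnets, hosts and ports are constructed for illustration, and the rule format is a simplified assumption, not any vendor's syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", or "ip" for any protocol
    src: str                     # source network, CIDR
    dst: str                     # destination network, CIDR
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, proto, src, dst, dport):
        return (self.proto in ("ip", proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, dport))

def evaluate(acl, proto, src, dst, dport):
    """First matching rule wins; no match falls through to an implicit deny."""
    for rule in acl:
        if rule.matches(proto, src, dst, dport):
            return rule.action
    return "deny"

TELLERS_A = "10.10.1.0/24"   # constructed: teller PCs at branch A
ACL_BRANCH_A = [
    Rule("permit", "tcp", TELLERS_A, "10.0.5.10/32", 443),  # teller app at HQ
    Rule("permit", "udp", TELLERS_A, "10.0.5.53/32", 53),   # DNS at HQ
]  # everything else, including other branches, hits the implicit deny

# Intended policy expressed as (flow, expected verdict); flows are constructed.
EXPECTED = [
    (("tcp", "10.10.1.25", "10.0.5.10", 443), "permit"),   # teller -> HQ app
    (("tcp", "10.10.1.25", "10.0.5.10", 3389), "deny"),    # same server, other service
    (("tcp", "10.10.1.25", "10.0.5.77", 443), "deny"),     # different HQ server
    (("tcp", "10.10.1.25", "10.20.1.40", 445), "deny"),    # teller PC at branch B
]

def audit(acl, expected=EXPECTED):
    """Return (flow, wanted, actual) for each flow the ACL handles incorrectly."""
    return [(flow, want, evaluate(acl, *flow))
            for flow, want in expected if evaluate(acl, *flow) != want]

# A broad permit placed first shadows the specific rules that follow it.
ACL_TOO_BROAD = [Rule("permit", "ip", TELLERS_A, "10.0.0.0/8")] + ACL_BRANCH_A

if __name__ == "__main__":
    print("specific ACL violations:", audit(ACL_BRANCH_A))
    for flow, want, got in audit(ACL_TOO_BROAD):
        print("broad ACL:", flow, "wanted", want, "got", got)
```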
