I think we have also.
I tried to explain to him that the firewalls and routers are basically the
same thing.
It just matters on how you configure the ACLs.
I will look at tightening the screws a little tighter on the routers though.
----- Original Message -----
From: "Phil Brutsche" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[email protected]>
Sent: Wednesday, January 23, 2008 11:22 AM
Subject: Re: Firewall between LANs
Not firewalls like a SonicWALL or PIX per se, but packet filtering
routers. Any decent router will support basic packet filtering via ACLs;
if your routers don't then you need new routers.
But the whole point would be to limit traffic from one branch office to
another - if the PCs the tellers use at one branch office don't need to
contact the tellers' PCs at another, configure the packet filtering
functionality on the router to prevent it.
If the tellers' PCs at the branch offices only need to contact *very
specific* services on *very specific* servers at HQ, configure the
packet filter to allow that and deny anything else from the tellers' PCs
to HQ.
That's how *I* would read the auditor's recommendation, and it sounds
like you've already done at least some of that.
David W. McSpadden wrote:
At this location we have LANs tied together on an MPLS network which should
be a VPN with ACLs. Why would you have firewalls instead of routers?
--
Phil Brutsche
[EMAIL PROTECTED]
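
Added example, not part of the thread: a small Python model of the packet-filter policy described above (branch tellers may reach only specific services on specific HQ servers, nothing at other branches), evaluated first-match with an implicit deny so a proposed ACL can be checked against sample flows before it goes on a router. The addressing plan, server roles, ports and all names are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    src: str               # source network (CIDR)
    dst: str               # destination network (CIDR)
    proto: Optional[str]   # "tcp", "udp", or None for any protocol
    dport: Optional[int]   # destination port, or None for any port

# Constructed addressing plan (assumption, not from the thread):
#   10.1.0.0/16 = HQ, 10.2.0.0/16 and 10.3.0.0/16 = branch offices,
#   10.1.10.5 = HQ application server, 10.1.10.6 = HQ DNS server.
BRANCH_A_OUTBOUND = [
    Rule("permit", "10.2.0.0/16", "10.1.10.5/32", "tcp", 443),
    Rule("permit", "10.2.0.0/16", "10.1.10.6/32", "udp", 53),
    Rule("deny", "10.2.0.0/16", "10.3.0.0/16", None, None),  # branch to branch
    Rule("deny", "10.2.0.0/16", "10.1.0.0/16", None, None),  # rest of HQ
]

def evaluate(rules, src, dst, proto, dport):
    """Return (action, rule index); first match wins, no match is a deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(rules):
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.proto in (None, proto) and r.dport in (None, dport)):
            return r.action, i
    return "deny", None  # implicit deny at the end of the list

def audit(rules, flows):
    """Evaluate each (src, dst, proto, dport) flow and return the actions."""
    return [evaluate(rules, *f)[0] for f in flows]

# Constructed sample flows: (src, dst, proto, dport)
SAMPLE_FLOWS = [
    ("10.2.4.20", "10.1.10.5", "tcp", 443),   # teller -> HQ app server: permit
    ("10.2.4.20", "10.1.10.5", "tcp", 3389),  # same server, other port: deny
    ("10.2.4.20", "10.3.7.9", "tcp", 445),    # teller -> other branch: deny
    ("10.2.4.20", "10.1.10.6", "udp", 53),    # teller -> HQ DNS: permit
]

if __name__ == "__main__":
    for flow, action in zip(SAMPLE_FLOWS, audit(BRANCH_A_OUTBOUND, SAMPLE_FLOWS)):
        print(action, flow)
```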