Interesting. I have a client in two locations connected via LAN.
Previously connected via a slow WAN link; when they went to a LAN connection
I retained the SonicWALLs and just adapted the rules so client PCs can
basically only talk to servers at the other site via specific ports.

Is that kind of what the auditor is talking about?

Dave Lum  - Systems Engineer 
[EMAIL PROTECTED] - (971)-222-1025
"When you step on the brakes your life is in your foot's hands" 




-----Original Message-----
From: David W. McSpadden [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 23, 2008 8:25 AM
To: NT System Admin Issues
Subject: Re: Firewall between LANs

I think we have also.
I tried to explain to him that the firewalls and routers are basically the
same thing.
It just matters how you configure the ACLs.
I will look at tightening the screws a little tighter on the routers
though.

----- Original Message ----- 
From: "Phil Brutsche" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[email protected]>
Sent: Wednesday, January 23, 2008 11:22 AM
Subject: Re: Firewall between LANs


> Not firewalls like a SonicWALL or PIX per se, but packet filtering
> routers. Any decent router will support basic packet filtering via ACLs;
> if your routers don't then you need new routers.
>
> But the whole point would be to limit traffic from one branch office to
> another - if the PCs the tellers use at one branch office don't need to
> contact the tellers' PCs at another, configure the packet filtering
> functionality on the router to prevent it.
>
> If the tellers' PCs at the branch offices only need to contact *very
> specific* services on *very specific* servers at HQ, configure the
> packet filter to allow that and deny anything else from the tellers' PCs
> to HQ.
>
> That's how *I* would read the auditor's recommendation, and it sounds
> like you've already done at least some of that.
>
> David W. McSpadden wrote:
>> At this location we have LANs tied together on an MPLS network which
>> should be a VPN with ACLs.  Why would you have firewalls instead of
>> routers?
>
> -- 
>
> Phil Brutsche
> [EMAIL PROTECTED]
>
> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
> ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~
>
> 
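
The filtering described in the quoted reply above (permit only specific services on specific servers, block teller-to-teller traffic between branches, deny everything else), as an added example that is not part of the original thread: a first-match ACL evaluator with an implicit deny, checked against constructed flows. All addresses, the port number and the names `Rule`, `evaluate` and `audit` are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: str             # "tcp", "udp" or "any"
    port: Optional[int]    # destination port, None = any port

# Constructed addressing, not from the thread:
# branch A tellers 10.1.10.0/24, branch B tellers 10.2.10.0/24,
# one HQ application server 10.0.5.20 offering one service on tcp/1433.
BRANCH_A_ACL = [
    Rule("deny",   "10.1.10.0/24", "10.2.10.0/24", "any", None),  # teller to teller
    Rule("permit", "10.1.10.0/24", "10.0.5.20/32", "tcp", 1433),  # one service, one server
]
# A loose rule set for contrast: everything from the tellers is routed.
LOOSE_ACL = [Rule("permit", "10.1.10.0/24", "10.0.0.0/8", "any", None)]

def evaluate(acl, src, dst, proto, port):
    """Return the action of the first matching rule; implicit deny if none match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in acl:
        if (s in ipaddress.ip_network(rule.src)
                and d in ipaddress.ip_network(rule.dst)
                and rule.proto in ("any", proto)
                and rule.port in (None, port)):
            return rule.action
    return "deny"

def audit(acl, expectations):
    """Compare the ACL's verdicts with the intended policy; return the mismatches."""
    return [(flow, want, got) for flow, want in expectations
            if (got := evaluate(acl, *flow)) != want]

# Constructed test flows, each with the verdict the policy intends.
EXPECTED = [
    (("10.1.10.15", "10.0.5.20", "tcp", 1433), "permit"),  # teller to the HQ service
    (("10.1.10.15", "10.0.5.20", "tcp", 3389), "deny"),    # same server, other port
    (("10.1.10.15", "10.0.5.21", "tcp", 1433), "deny"),    # other HQ host
    (("10.1.10.15", "10.2.10.30", "tcp", 445), "deny"),    # teller PC at the other branch
]

if __name__ == "__main__":
    for flow, want, got in audit(LOOSE_ACL, EXPECTED):
        print("MISMATCH", flow, "wanted", want, "got", got)
    print("tight ACL mismatches:", len(audit(BRANCH_A_ACL, EXPECTED)))
```
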

