They were being vague. A router won't do; you need a firewall.
Well, a firewall is just a router with a little more coding and a lot more
ACLs.
----- Original Message -----
From: "David Lum" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[email protected]>
Sent: Wednesday, January 23, 2008 12:53 PM
Subject: RE: Firewall between LANs
Interesting. I have a client in two locations connected via LAN.
Previously connected via slow WAN link; when they went to LAN connection
I retained the SonicWALLs and just adapted rules so client PCs can
basically only talk to servers at the other site via specific ports.
Is that kind of what the auditor is talking about?
Dave Lum - Systems Engineer
[EMAIL PROTECTED] - (971)-222-1025
"When you step on the brakes your life is in your foot's hands"
-----Original Message-----
From: David W. McSpadden [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 23, 2008 8:25 AM
To: NT System Admin Issues
Subject: Re: Firewall between LANs
I think we have also.
I tried to explain to him that firewalls and routers are basically the
same thing.
It just matters how you configure the ACLs.
I will look at tightening the screws a little tighter on the routers
though.
----- Original Message -----
From: "Phil Brutsche" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[email protected]>
Sent: Wednesday, January 23, 2008 11:22 AM
Subject: Re: Firewall between LANs
Not firewalls like a SonicWALL or PIX per se, but packet filtering
routers. Any decent router will support basic packet filtering via ACLs;
if your routers don't then you need new routers.
But the whole point would be to limit traffic from one branch office to
another - if the PCs the tellers use at one branch office don't need to
contact the tellers' PCs at another, configure the packet filtering
functionality on the router to prevent it.
If the tellers' PCs at the branch offices only need to contact *very
specific* services on *very specific* servers at HQ, configure the
packet filter to allow that and deny anything else from the tellers' PCs
to HQ.
That's how *I* would read the auditor's recommendation, and it sounds
like you've already done at least some of that.
David W. McSpadden wrote:
At this location we have LANs tied together on an MPLS network which
should be a VPN with ACLs. Why would you have firewalls instead of
routers?
--
Phil Brutsche
[EMAIL PROTECTED]
~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
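The policy described in Phil Brutsche's message above (block branch-to-branch teller traffic, allow only specific services on specific HQ servers, deny the rest), modeled as a first-match packet-filter ACL. This is an added example, not from any poster in the thread; the subnets, server addresses, ports and the `broad_permits` audit helper are constructed assumptions, and the model is vendor-neutral rather than any router's syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing plan (assumption, not from the thread).
BRANCH_A = "10.10.0.0/24"  # teller PCs, branch A
BRANCH_B = "10.20.0.0/24"  # teller PCs, branch B
HQ_APP = "10.1.0.10/32"    # application server at HQ
HQ_DNS = "10.1.0.20/32"    # DNS server at HQ

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "any"
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    dport: Optional[int] = None  # None matches any port

# ACL for traffic leaving branch A; evaluated top-down, first match wins.
BRANCH_A_OUT = [
    Rule("deny", "any", BRANCH_A, BRANCH_B),       # no branch-to-branch teller traffic
    Rule("permit", "tcp", BRANCH_A, HQ_APP, 443),  # one service on one server
    Rule("permit", "udp", BRANCH_A, HQ_DNS, 53),
]

def evaluate(acl, proto, src, dst, dport):
    """Return (action, rule_number); rule 0 is the implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, r in enumerate(acl, 1):
        if (r.proto in ("any", proto) and r.dport in (None, dport)
                and s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)):
            return r.action, n
    return "deny", 0

def broad_permits(acl):
    """Rule numbers of permits not pinned to one host, protocol and port."""
    hits = []
    for n, r in enumerate(acl, 1):
        net = ipaddress.ip_network(r.dst)
        if r.action == "permit" and (r.proto == "any" or r.dport is None
                                     or net.prefixlen < net.max_prefixlen):
            hits.append(n)
    return hits

if __name__ == "__main__":
    print(evaluate(BRANCH_A_OUT, "tcp", "10.10.0.15", "10.1.0.10", 443))
    print(evaluate(BRANCH_A_OUT, "tcp", "10.10.0.15", "10.20.0.15", 445))
    print(evaluate(BRANCH_A_OUT, "tcp", "10.10.0.15", "10.1.0.10", 3389))
    print(broad_permits(BRANCH_A_OUT + [Rule("permit", "any", BRANCH_A, "10.1.0.0/16")]))
```

Running `broad_permits` over an exported rule set is a quick way to show an auditor which permits are wider than one service on one server.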