Hello ppl, I'm trying to put PacketFence in my network but I've a lot of doubts on how to implement in my "strange" scenario.
Today I've one public external IP, a firewall with static routes, and a Nortel Layer-3 Switch doing all the routing to my subnets. I don't have NAT in my network. So the diagram of my Network is: WAN ===> iptables Firewall ===> Nortel ===> Subnets The first question is: where to put PacketFence? Between the Firewall and the Nortel Switch? Remove the Firewall? A pratical example with fake IP numbers: My WAN IP is 123.123.12.34 and my Firewall IP is 123.123.24.1; my Nortel have a lot of IP's addresses, since its servicing 8 /24 networks: 123.123.24.1 123.123.25.1 123.123.26.1 123.123.127.1 123.123.128.1 123.123.129.1 123.123.130.1 234.234.254.1 The second question is: two network cards can handle this? Do I need more? The last question: there's a way to test everything without putting my network in downtime? Thanks for any help, Vinícius Ferrão PS: At a first moment I considered Inline mode, after an answer from Francois Gaudreault I was convinced to use only VLAN Enforcement, but due money limitations we cannot proceed with 100% VLAN Enforcement. We have a lot of public IP addresses and only two switches capable of Port Security, 802.1x and etc. PPS: I'm aware of this documentation pointed by Francois Gaudreault: http://www.packetfence.org/support/faqs/article/how-can-we-route-instead-of-nat-through-packetfence-in-inline-enforcement.html?no_cache=1&cHash=0739887ba98b66cf34c141c7e9773cb3; I just don't know how to continue.
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
