On 9/2/2011 8:09 AM, Ivanildo Galvão - IT Services wrote: > Please excuse my ignorance, but can you give me examples of the risks posed > by this scenario? It serves as a basis to explain to the client that even in > the previous solution with Linux, the setting was already correct.
I just said it in my last e-mail. As have others here. If you have multiple subnets in the same network with no layer 2 segregation (physical or VLAN), there is zero security gained by that practice. All a client has to do is change the IP settings on their network card from DHCP to a static IP in any of the subnets, and they can talk to anything there. Even if you put static ARP on the firewall, that gains you no protection between the clients, servers, etc, in those other subnets. Jim --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
