Firewall Wizards: General question, was: question on securing out-of-band management

From: Brian Loe <knobdy_at_gmail.com>
Date: Thu, 9 Feb 2006 13:33:29 -0600

On 2/8/06, R. DuFresne <dufresne_at_sysinfo.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----

> Be wary of VPN bloat, or VPNmadness, whence you have so many VPN/VLAN
> zones, no one can remember which zone to get to which server set let alone
> the passwd for each. I think we presently have 20 or 25 such silly
> things for our "management network" (give or take 5-10, I quit counting).
>
>
> Thanks,
>
> Ron DuFresne

We have that mess here - times 4, at least - for the customer side of things!

Am I wrong in believing that a simple network is a more secure
network? That since we deal with a lot of customer VPN connections,
rather than NATing them and building holes through all of the
firewalls (3-4 depending) we'd be better off NATing them to a network,
and giving the network the access required? Possibly figure out a way
to PVLAN each customer tunnel so that they can't talk to each other,
etc.?
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 15 2006
