Security Basics mailing list archives

Re: Firewall positioning in Large Network

From: Brian Laing <brian () Redseal net>
Date: Wed, 27 Jun 2007 10:41:19 -0700

Mubin,
    This is a tough question to answer without a better understanding of
your network and the various services running on it.  It also comes down to
a security methodology of do you want physical or logical separation.  For
example I prefer to have the perimeter devices as physically separate as
possible.  I have seen people connect their boarder router, F/W, and dmz
severs all onto the same core switch.  This just scares me.  I typically
like the boarder router and fw on one smaller switch and dmz on a second,
then core on a 3rd.  Not all environments can due this.
    you may want to take a look at our website http://www.redseal.net  I
would be happy to hook you up with a demo of our software, I would even do a
webex once you have it up and running to help you with this question.  Let
me know if your interested.

Cheers,
Brian

--------------------------------------------------------------------
Brian Laing
Chief Security Officer
Cellphone:  +1 650.280.2389
Office:     +1 (888) 845-8169 Ext. 805
Email: brian () redseal net

Redseal Systems  http://www.redseal.net
 
Instant Visibility.  Threats Averted.
-------------------------------------------------------------------



From: Mubin Shaikh <mubines () yahoo com>
Date: Wed, 20 Jun 2007 04:34:04 -0700 (PDT)
To: <security-basics () securityfocus com>
Subject: Firewall positioning in Large Network
Resent-From: <security-basics-return-44888 () securityfocus com>
Resent-Date: Wed, 20 Jun 2007 11:28:53 -0600 (MDT)

Hi,

Question - 

What is the best logical placement for firewall in
large network?

If I have 3000+ user organisation with both core and
access switch available, will i connect my firewall to
core switch or access switch ? and why ?

Thanks
-Mubin


      
____________________________________________________________________________
________
Fussy? Opinionated? Impossible to please? Perfect.  Join Yahoo!'s user panel
and lay it on us. 
http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7

Current thread:

Firewall positioning in Large Network Mubin Shaikh (Jun 20)
- Re: Firewall positioning in Large Network Ansgar -59cobalt- Wiechers (Jun 20)
- RE: Firewall positioning in Large Network Hargiss, Jeff (Jun 20)
- RE: Firewall positioning in Large Network David Gillett (Jun 20)
- RE: Firewall positioning in Large Network Steve Armstrong (Jun 20)
  - RE: Firewall positioning in Large Network Mubin Shaikh (Jun 22)
    - RE: Firewall positioning in Large Network Jesse Eaton (Jun 22)
- RE: Firewall positioning in Large Network Hesham Sabry (Jun 20)
- Re: Firewall positioning in Large Network Brian Laing (Jun 28)
- <Possible follow-ups>
- Re: Re: Firewall positioning in Large Network evilwon12 (Jun 20)