Re: Placement of a VPN Appliance

["JB" <bolesjb () yahoo com>]

If outside the firewall, you could additionally filter with the firewall,
but in principal I agree with you, as most smaller operations I've seen will
probably not have the resources to effectively control a VPN termination
point outside the firewall (i.e. montoring and logging an additional 'type'
of traffic which behaves differently, i.e. different ports, etc.).  This
would be essentially akin to running two different firewalls, which would
add significantly to VPN cost.


----- Original Message -----
From: "R. DuFresne" <dufresne () sysinfo com>
To: <dharris () kcp com>
Cc: <firewall-wizards () nfr com>; <Jeffery.Gieser () minnesotamutual com>
Sent: Thursday, January 04, 2001 7:41 PM
Subject: Re: [fw-wiz] Placement of a VPN Appliance


[SNIP]
> I get confused at this point.  as long as the VPN traffic is allowed into
> your network, no matter the endpoint, in front of or behind the FW, of the
> device, are you not at the same risk?
>
> Thanks,
>
> Ron DuFresne



_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards