Re: Firewalling non-IP protocols

Wed, 9 Jun 1999 18:51:03 -0700 

Minor comments, DECnet is a complete layer 3 protocol (LAT the terminal
service is not, and must be bridged). Hence, ACL processing (= packet
filtering) can be done on the DECnet addresses and even on DECnet objects.

But, this is only packet filtering. Also, do not forget that with DECnet
the passwords are sent in the clear.

IP filtering can be done dynamically and keeping layers 3/4/5/7 states with
CBAC (Context Based Access Control).

Hope this helps

-eric

At 05:50 04/06/1999 -0400, Chris Brenton wrote:
>Martin Davies wrote:
>> 
>> A client of mine has a need to install a firewall between his network
>> and a client network that will pass both IPX and DecNET in addition to
>> the more normal IP-based protocols. I don't want to have to put separate
>> products for each protocol in parallel, so does anyone know of a product
>> that will provide firewall protection for all three protocols?
>
>Yuck...
>Your only option that I can think of is a Cisco router. This will allow
>you to do static packet filtering (dynamic for TCP) for both IP and IPX.
>The killer is that you want to add DecNET to the mix. If memory servers,
>this protocol has no layer 3 component so it must be bridged. With this
>in mind most filtering devices will not be able to handle it. With a
>Cisco, you could bridge just the DecNET traffic and *maybe* do something
>with the Ethernet Type codes or MAC address access list filtering. I've
>personally never tried to apply these ACL's in bridge mode. Not sure if
>it will work.
>
>There used to be a product called CarlBridge or something similar. This
>may do the trick as well but I have not heard or see it in quite some
>time.
>
>Good luck!
>Chris
>-- 
>**************************************
>[EMAIL PROTECTED]
>
>* Multiprotocol Network Design & Troubleshooting
>http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
>* Mastering Network Security
>http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
> 
Eric Vyncke                        
Consulting Engineer                Cisco Systems EMEA
Phone:  +32-2-778.4677             Fax:    +32-2-778.4300
E-mail: [EMAIL PROTECTED]          Mobile: +32-75-312.458
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to