> Good Morning, > > I have one problem after last discussion with our IS group. See the > diagram > > M1 M2 M3 Mn > __|_____|____|___..............__|__ ( IP range A.x.0.0 ) -----> > Class A addresses > | > | > Firewall software ( TIS is being proposed) > | > Router ( packet filtering) > > |-------------------------------------------------------------> DNZ is > proposed here as a common point of two network with sniffer to avoid > traffic to another side. > ........................|................................................. > .......................................................................... > ......................................................... > | > NT Server ( the Server will access the shared drive and user > access list of Master domain ) A.1.y.0 > ( This is server for machine M1, M2...Mn and print server > etc.) > | > | > NT Master server .. A.1.z.0 > > Note : The blue area is client side and red area is under IS group, who > doesn't want anybody to access a machine ( except Exchange server, > internet server, DNS, and shared drive on Master server ) beyond Router > and vice versa. > > am I clear ?? I m little bit confused with proposed idea. My Question is > .. > > 1> is it possible that NT server outside of Firewall can do its job. > 2> Security is an issue but nor priority for IP A.x.0.0 but it is highly > important for A.1.0.0 (red part). Is the idea is ok ?? > 3> Do we need TIS ( or any you think better ??) or just a Cisco router > 3640 with IOS firewall based on packet filtering is enough for security of > A.x.0.0. > > I need your suggestion please. > Thanks a lot for your time. > > Sanjeev > > - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
