Hi Jean Pierre!

If I rightly understood your problem, my solution is:
One firewall in your office header; logically I think that the office header LAN
has a connection to the Internet, from which you want to protect...
BTW, I didn't understand you. Why do you want firewalls in each site, if these fit a
private network?
I won't mistrust my telco, while it doesn't provide Internet access as ISP (for
example).
But, if you mistrust it, you could use data encryption.

Any packets in your private WAN must be routed toward the office header's router,
and ones in your private LAN (office header) toward "The Firewall", and that's
all, folks!

IMHO, You could ask more to support (routers)

Jean-Pierre Cordeau wrote:

> Wondering if firewalls could work in our special topology:
> here are the constraints & info:
>
> * We have a large private network where all PVCs point to the same "head
> office" if you want (the underlying ATM network is run by a telco)
> * all the local networks of every physical site are given a subnet of a
> class A 10.x.x.x address space
> * by default the routers that constitute the VPN do not have access-lists or
> security (and possibly will not be able to - due to the telco)
> * We would like to consider managing the inter-site (i.e. the communication
> needs between various local networks) security in a centralized manner
> * The risk associated with an inter-site "leak" is not great since the data
> stored in the sites is not that confidential but:
> * For legal reasons, the sites are responsible for their own data and would
> like some kind of say as to whom enters their network
>
> * It is possible for us to get all the inter-site traffic re-routed to the
> lan of the "head office" (by default the inter-site traffic never goes on
> the head office lan but is routed without security within the routers)
>
> I have read a bit in this mailing list and gone searching (at the corporate
> firewall sites) for a while, all I have read about firewalls is for securing
> a local network from a distant network (or parts of a local network).  In
> our situation it would be allowing only part of a wan to communicate with
> another part of a wan.
>
> I know a simple but $$$ solution would be to put as many firewalls as there
> are sites (between the wan link and the local nets). Is there a less
> painful alternative ?
>
> In the beginning, we would be looking at a "network layer" solution (even
> though less secure) since there are 200 sites and I would not want too many
> specific rules to completely slow down the link to our "head office".
>
> Could a firewall be used in such a situation ? (or am I completely on the
> wrong track ?)
> Any suggestions ?
>
> Thanks for any help or insight.
>
> Jean-Pierre Cordeau
> [EMAIL PROTECTED]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
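
The centralized arrangement discussed in this thread (all inter-site traffic re-routed through one head-office firewall, with each site keeping a say over who enters its network) can be sketched as a network-layer policy check. This is an added example, not part of either message; the site names, the one-/16-per-site allocation and the allow lists are constructed assumptions.

```python
import ipaddress

# Constructed sample data: site names and /16 allocations are assumptions;
# the thread only says each site gets a subnet of 10.x.x.x.
SITE_SUBNETS = {
    "head-office": "10.0.0.0/16",
    "site-a": "10.1.0.0/16",
    "site-b": "10.2.0.0/16",
    "site-c": "10.3.0.0/16",
}

# Each site owns its own inbound list: which source sites may enter it.
INBOUND_ALLOW = {
    "head-office": {"site-a", "site-b", "site-c"},
    "site-a": {"head-office", "site-b"},
    "site-b": {"head-office"},
    "site-c": set(),
}

PREFIX_LEN = 16  # assumed fixed allocation size per site
_BY_NETWORK = {ipaddress.ip_network(n): s for s, n in SITE_SUBNETS.items()}


def site_of(addr):
    """Map an address to its site with one dict lookup, or None if unknown.

    A fixed prefix length keeps the lookup constant-time, so 200 sites do
    not turn into a linear rule scan on the head-office link.
    """
    net = ipaddress.ip_network(f"{addr}/{PREFIX_LEN}", strict=False)
    return _BY_NETWORK.get(net)


def decide(src, dst):
    """Stateless network-layer decision for one packet at the central firewall."""
    src_site, dst_site = site_of(src), site_of(dst)
    if src_site is None or dst_site is None:
        return "deny"   # address outside every allocated site subnet
    if src_site == dst_site:
        return "local"  # intra-site traffic is never routed via head office
    # The destination site's list decides who may enter its network.
    return "allow" if src_site in INBOUND_ALLOW[dst_site] else "deny"
```

The check is per packet and per direction, so replies from a site that is allowed inbound but does not itself allow the peer are denied unless the enforcing firewall tracks connection state.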




