Well I see your choices as being one of 2.
1. Use a Layer 2 switch to create the separate VLANs and have a multiple
interface(one address for each vendor) on a tagged port that is part of each
VLAN.
2. Get a Layer 3 switch and have each vendor go into it's own router port
on the Layer 3 switch and create filters to allow only the traffic you want
to go through.
Option 1 is cheaper but Option 2 is a little more secure, IMO.
-----Original Message-----
From: Ivan Fox [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 25, 1999 10:05 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: VLAN - a semi-firewall related question
1) Each vendor comes in as an extension of their "internal" network.
2) Some use FTP, some use TELENT, some use RLOGIN, some has combination of
these.
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, October 25, 1999 9:01 AM
Subject: RE: VLAN - a semi-firewall related question
> I have a couple of questions that would help in answering your question.
>
> 1. Do you get to assign all of the vendors IP addresses?
> 2. Do the vendors need to get to the same services on your network or
> different services?
>
> Without knowing the answer to these questions I would say that a small
Layer
> 3 switch might be usefull for you. Foundry sells a 24 port Layer 3 switch
> that might be what you need.
>
> -----Original Message-----
> From: Ivan Fox [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 21, 1999 5:26 PM
> To: [EMAIL PROTECTED]
> Subject: VLAN - a semi-firewall related question
>
>
> It is a semi-Firewall related question.
>
> A firewall for the Extranet allows, say 10 vendors, contractors, to
connect
> to it. There are two options that we can think of:
>
> Option 1:
> Have 10 NICs in the firewall. This option is clumsy, but it is secure in
> the sense that competitive suppliers cannot sniff each other's data.
>
> Option 2:
> A smarter approach, one says. Have an intelligent switch connecting to a
> NIC in the firewall. Each port of the switch is isolated, a VLAN
approach.
> Competitive suppliers cannot "peer" into each other's data.
>
> Being a non-router/switch guy. How can I configure and secure the switch?
> I have also heard a router guru mentioned that, in order to provide
> security, we should not use intelligent switch as someone connect to the
> console of a switch, he/she can sniff the packets.
>
> Any pointers are appreciated.
>
> Thanks,
>
> C.K.
>
>
>
> **********************************************************************
> Gruntal & Co., L.L.C.'s e-mail system is for business
> purposes only. Messages are not confidential. All e-mail
> may be reviewed by authorized supervisors, compliance or
> internal audit personnel. E-mail will be archived for at least
> three years and may be produced to regulatory agencies or
> others with a legal right to access such information. Gruntal
> will not accept trade order instructions via e-mail. Please
> telephone your Account Executive to place trade orders.
>
> www.gruntal.com
> **********************************************************************
>
----------------------------------------------------------------------------
----
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
begin 600 winmail.dat
M>)\^(A8-`0:0"``$```````!``$``0>0!@`(````Y`0```````#H``$(@`<`
M&````$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`06``P`.````SP<*`!H`
M"0`;`#```@!0`0$@@`,`#@```,\'"@`:``D`'@`4``(`-P$!"8`!`"$```!#
M.#-$,$9%-T1$.$%$,S$Q039#.3`P.#`U1CE&044S,P!?!P$$@`$`+````%)%
M.B!63$%.("T@82!S96UI+69I<F5W86QL(')E;&%T960@<75E<W1I;VX`V@X!
M#8`$``(````"``(``0.0!@!T#@``,@````,`"5D!`````P#>/Z]O```#``"`
M""`&``````#`````````1@````!2A0``)VH!`!X``8`((`8``````,``````
M``!&`````%2%```!````!````#DN,``+``N`""`&``````#`````````1@``
M```&A0````````,``H`((`8``````,````````!&``````&%````````"P`#
M@`@@!@``````P````````$8``````X4````````+``2`""`&``````#`````
M````1@`````.A0````````,`!8`((`8``````,````````!&`````!"%````
M`````P`&@`@@!@``````P````````$8`````$84````````#``>`""`&````
M``#`````````1@`````8A0```````!X`"(`((`8``````,````````!&````
M`#:%```!`````0`````````>``F`""`&``````#`````````1@`````WA0``
M`0````$`````````'@`*@`@@!@``````P````````$8`````.(4```$````!
M``````````(!"1`!````9P@``&,(```W$```3%I&=1:`TY<#``H`<F-P9S$R
M->(R`T-T97@%00$#`??_"H`"I`/D!Q,"@`_S`%`$5C\(50>R$24.40,!`@!C
M:.$*P'-E=#(&``;#$27V,P1&$[<P$BP1,PCO"?>V.Q@?#C`U$2(,8&,`4#,+
M"0%D,S864`NF(%<D96P#($D@%!!E(&IY"&$@$]!O#>`'D6')!"!B90N`9R`"
M(!V`X&]F(#(N"J(*A`J`8#$N("!5%!`>8""X3&%Y$H$40`/A=!/0V"!T;QW@
M&"!A#K`AT!YH'8`4$`JQ(D)63$&B3AY1;F0@$^!V(++0;75L=`4@;!V`"X!)
M#K!R9@#092@?`F'\9&08(`01`A`%P"(P(;%W)!`CP`6P*1[Q(,$!D&?R9PF`
M('`7P2)Q(D`DX/\$(`JQ!4`?02:3(U(@81^:VQ]P('!'%"`@QS,A9B.W.2:9
M(&<A\"3Q+>%T)]D$(&]W`Z`#8'4E$2@4WR=A(H(KGR/0(A5F`Q`E$3\$("'A
M!T`7L`?@`B!L>3TB<W0C``$@#>`=DB!W/P!P*%$A\"W1(H`NX6=HU1^+3P4P
M:2=A,2BR$]#5(C!P$H%B+P`@[EMAIL PROTECTED]#0;"&0="3!!&`8("4=46,(<&4L
M'3!-3]4J#2TZPD\%$&<+@`=`MP70)A$GP&4ZPQ^41@-A"CH=,'8#D49O>"!F
M6P#`,<%O.@:0/8`QJ#`P0!X`=#W"+@6@O&U='Y0&8`(P/0!-`B#F9"$`.8!/
M8R'@'J`A,3(U.8`Q.4&`-F`P.J`P-2!031^45#X0D2L@:6)S`B!"0`G`[G4"
M,`=`/R([,:$8(#00$1T0<T!,!`!T<RX`1TY!0RY.150Q/W5U8FH%D$`!4F4S
M/0`C4B`M(,$4$&UIOBU$-B[0'0`B02/0<0I0WT3P-C$?FA_U)T!%+2D_,?\'
MD0N`'F(#D0[!"?``D"=A9Q]!(H%$0"`B)/,[82)2(!\0='<%L&L?A3(E)T!3
M2W$@=2"A1E0.4#F`0Q!/951%3$4$3E10"5),3T=)WDY0!1/@-J$#<&([438C
M_Q]`'Y0B@100'XLZ:3=P.RU;1R`\+CQ"[P-P/D)(//<^/UDQ1!`\1#]%15E5
M/]]M0.PY0>`V<$%"-4881>]&ST??2.\?UCX=,2/U!:#^=22R'T%B]C(1*().
M8"1PVR/1'0!P2[,`@'<&<1[1OQVC8O8?A5E59)`@4D0A\-\STB?@-$,><`"0
M9R=Q'1%G3/0FU00@25`EQ@>0/_]D-BKR:F%L*A\0)_$T8FKDS2*#84]A%!!R
M=AXC)V%7':-.-1[P<F0V9`:09M\$D%V!<-=MIF0V5R&0'@#Y-U%K;BZ@'L(B
M@F>T<!7_(*%EZ!U`9M0[T#+R*)%A<?\`P!T0'Y0@\V0V*_=AL#40]P5`'J!/
M@F8D<`,@)E(=H?\@83UP0X`E\#+P%!!;X2#!?#(T*!0P'&0V*'-[5W?_*((S
MTF]B:2XZSSO=9)`\ST\]WS[M9)!==%1H"'!SA5X,,4%5-3HR-D(7?V200J);
MB#A@1/)K@`#0+O].,8=G1B9A#V(?8REIEF0WNRBCCB5&CJ]HOV14040G>R9#
M(H)%#M`C`$XQ,E1S_U`!>*&&8&Q6.8`%H`(P(P#_0,&7XB'@'Y28(1\00,!_
M9_\N,B!AB$!S41Y@./%.41[P]S839F8=@&,#D2*`"X!R49QF.FD]-@:=AB!(
M)`+QEV%.24-+HR*"6X::L\\HP9O$-H,*0&US7B$W0O\AD"BR.20DX7]H(J(`
M@")BORB1/S$W`"20))`D$7-E8/\+4`B1-J$`<'7`<Y$#``$@_R:$AK":\2YQ
M7@`!D&DN-X:_GP>4X'E!`"`2@3;P<`-@_R:A.8`?`GB111`@<)^3`Y'_)/(=
M$(,`<W,AA)EU=?,R0?]D-J`1H%\@<$JC+U1L!"%U_RC!!``&\(]2.8`@T"-2
M'Y3?JX9I)A(AI;^FR"(W``20[[email protected](-!UP!1N+2[D+R%U9W5Y
M_ZRB,I&<PAU`F"$QL+NPFQ+_(\&CE;(H;:=DMEOP(?`VT?\+("#!+N6]`3/P
M!X`",#8Q_R?Q*&,Y@$O!!;`$@2'2JZ%_<1`!`&0V.2,AD%XAG)%S_W5A9P&G
M(D^2K5\L8:-Q2W'_'P*9=7`59#:8(;,1'R..(?\A@SF`(I"[,"*1G,*G9"*"
MN0JP8VL4($40D_YN,O#_*"`D\QY1FQ*KD060!S"/87=I+HA``'!KEO!I/45@
M2WMI+6D]*M,_U$_57]9O*J5D-D=#="`F$B$N.8#\3"[9`$5@+G$\`(6R'5#[
MK(`.L&THLB92-T``D!\0^P009#9P"'`H(&UQ,K,@8?^#=<VTIR*\LP$`P5%#
ML2!P_D$=$=F49#8`P#+P>[$8(-=Q$`?0)_%B,O!A+P`>`/T%$'HG\;8Q</)#
M$)?DM9#_.&``<!XP<FE-EN$A<Q`%0/\W`4,1'Q"Q$]FD`_`=$7NQ_PK`$]"U
M\2/0)E(HD23`'G!_F=@TT!URP`$CE.`%JZ%D_QK0;X08(+NPCT$%L.$1K<'_
MSF!Q0G*'N%,$("&!+&'GD=YG@T&"\7N!,C)C'C&C<?\:T+*QO-`%L`#`DZ,K
M$4-T_V0VYB.G(NY2!3$S40$`PF7_"X!$\$-PKM%F0G$0(-#9E/T@85#GHL-G
MQ=$BT!X`'Q']':-![F!]$05`EA`Y,;7CW\+2"V#C,?'IR_]W^8",$/]#>-*_
M^W_\C_V?UO]C?SJT_P$O`C\#3P1?/#<\*&/<A"?>6UG`3X`-P$8@<R(06#"_
M.7&DX>E2V=$AX=FP:L)QW5+@;XN][.-D-B((640H][>2(G,4D&270&OU2X$[
MTA8NAU95-'T08``>`'```0```"@```!63$%.("T@82!S96UI+69I<F5W86QL
M(')E;&%T960@<75E<W1I;VX``@%Q``$````;`````;\?7Y2O/[VE)XL'$=.Z
M>`"`7V_>HP`5<E_P``,`+@``````"P`"``$````>`$(0`0```"D````\,3DY
M.3$P,C8P,C`T,CDN,CDP-#$N<6UA:6Q`:&]T;6%I;"YC;VT^``````,`_3_D
M!```0``Y`#!W/.6U'[\!`P#Q/PD$```>`#%``0```!````!'4E5.5$%,/T=)
M0E-/3D(``P`:0``````>`#!``0```!````!'4E5.5$%,/T=)0E-/3D(``P`9
M0``````#`"8```````,`-@```````P"`$/____\"`4<``0```#(```!C/553
M.V$](#MP/4=R=6YT86P[;#U.63%-4U@P,BTY.3$P,C8Q,S(W-#A:+3$T.3(T
M`````@'Y/P$```!B`````````-RG0,C`0A`:M+D(`"LOX8(!`````````"]/
M/4=254Y404P@)B!#3RXL($PN3"Y#+B]/53U.15<@64]22R]#3CU214-)4$E%
M3E13+T-./4=254Y404P_1TE"4T].0@```!X`^#\!````#@```$=I8G-O;BP@
M0G)I86X````>`#A``0```!````!'4E5.5$%,/T=)0E-/3D(``@'[/P$```!B
M`````````-RG0,C`0A`:M+D(`"LOX8(!`````````"]//4=254Y404P@)B!#
M3RXL($PN3"Y#+B]/53U.15<@64]22R]#3CU214-)4$E%3E13+T-./4=254Y4
M04P_1TE"4T].0@```!X`^C\!````#@```$=I8G-O;BP@0G)I86X````>`#E`
M`0```!````!'4E5.5$%,/T=)0E-/3D(`0``',.;*-^6U'[\!0``(,)"'D#^V
M'[\!'@`]``$````%````4D4Z(``````>`!T.`0```"@```!63$%.("T@82!S
M96UI+69I<F5W86QL(')E;&%T960@<75E<W1I;VX`'@`U$`$````^````/$,U
M,T9#.$)!.3,V1D0S,3%!-D,X,#`X,#5&.49!13,S,4$S-D8Y0&YY,6US>#`R
M+F=R=6YT86PN8V]M/@````L`*0``````"P`C```````#``80"M,$6P,`!Q""
M"@```P`0$``````#`!$0`P```!X`"!`!````90```%=%3$Q)4T5%64]54D-(
M3TE#15-!4T)%24Y'3TY%3T8R,55314%,05E%4C)35TE40TA43T-214%4151(
M15-%4$%2051%5DQ!3E-!3D1(059%04U53%1)4$Q%24Y415)&04-%*$\`````
M`@%_``$````^````/$,U,T9#.$)!.3,V1D0S,3%!-D,X,#`X,#5&.49!13,S
A,4$S-D8Y0&YY,6US>#`R+F=R=6YT86PN8V]M/@```!<K
`
end
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
