On Wed, Nov 14, 2001 at 12:52:29AM -0800, [EMAIL PROTECTED] wrote:
> All very true, but it does nothing to effect the topology change we
> want, where a single large DMZ subnet becomes *instead* a bunch of
> small subnets with firewall filtering between them.

My understanding from a guy I talked to is that Cisco switches not only support MAC/IP locking (on ports) (which will reduce IP spoofing in the DMZ) but also a secure mode where all ports of a switch can only talk to one named upstream port. Since I normally use 3Com here, I don't know if that is true.

Greetings
Bernd

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
