On 7 Feb 2002, at 2:16, luis wrote:

> Hi, I have been told that in order to keep the different company
> departments "isolated" each other (but everyone accessing
> internet), I have to use subnetting. After the reading of some
> books and articles, I haven't found any reference (one indirect
> but not useful). But I think that I need firewalls to do the job.
> So I'm asking for some light, reference to article, experience,
> book... whatever.
> Thanks a lot
> luis

It's unusual (but not unheard-of) to require much isolation between internal departments, but if you require it then some sort of firewall or packet filter is probably the tool for the job. Many firewalls (can) look, to other network devices, like routers, and applications of routers at other than net/subnet boundaries are kind of funky.

There are two basic approaches that I'd consider:

1. A firewall with separate ports for the different internal subnets. This is an option on the PIX, and probably on many firewall products that run on top of a general-purpose OS; it's less feasible with most "appliance" firewalls.

2. A firewall between an internal router and the Internet, with packet filters on the router restricting traffic flows between the subnets. This might be a routing module between VLANs on a switched network....

The key difference is whether Internet and inter-department policies are implemented/managed on the same box or not -- there are arguments for and against both.

DG
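
A sketch of the second approach in the reply above, added here as an example and not part of the original thread: a first-match packet filter, as applied to packets entering the internal router from a department subnet, with a check that no department can reach another. The subnets, department names and function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the original message).
DEPARTMENTS = {
    "engineering": ipaddress.ip_network("10.1.10.0/24"),
    "finance": ipaddress.ip_network("10.1.20.0/24"),
    "sales": ipaddress.ip_network("10.1.30.0/24"),
}
INTERNAL = ipaddress.ip_network("10.1.0.0/16")  # covers every department subnet
ANY = ipaddress.ip_network("0.0.0.0/0")


def build_rules(deny_first=True):
    """Ordered (action, src, dst) rules for packets arriving from a department."""
    # Block anything a department sends to internal address space. Traffic that
    # stays inside one subnet never crosses the router, so it is unaffected.
    denies = [("deny", net, INTERNAL) for net in DEPARTMENTS.values()]
    # Let each department reach everything else, i.e. the path to the Internet.
    permits = [("permit", net, ANY) for net in DEPARTMENTS.values()]
    ordered = denies + permits if deny_first else permits + denies
    # Final catch-all: sources outside the known subnets (e.g. spoofed) are dropped.
    return ordered + [("deny", ANY, ANY)]


def evaluate(rules, src, dst):
    """Return the action of the first rule matching the packet (first match wins)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"


def leaks(rules):
    """List (from, to) department pairs that the rule set lets through."""
    found = []
    for a, net_a in DEPARTMENTS.items():
        for b, net_b in DEPARTMENTS.items():
            # net[10] is a sample host address inside each subnet.
            if a != b and evaluate(rules, net_a[10], net_b[10]) == "permit":
                found.append((a, b))
    return found


if __name__ == "__main__":
    print("deny-first leaks:  ", leaks(build_rules(deny_first=True)))
    print("permit-first leaks:", leaks(build_rules(deny_first=False)))
```

The permit-first ordering shows why rule order matters on a first-match filter: the broad "department to anywhere" permit also matches the other departments, so the isolation rules after it are never reached.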
