On Thu, 7 Feb 2002, Ron DuFresne wrote:

> Folks, it turns out luis is looking for a solution that prevents each
> subnet from crossing its boundaries:
>

There are lots of different ways to do that though, and he should consider all the ways and make the best choice for his organization- none of us should hold that responsibility.

> Hi, isolation means no bit could cross from one to another subnet. The
> problem is how I can block the router from redirecting traffic from subnet to
> subnet!!!?

If he already has a router with an interface for each subnet, then he just needs to add filtering rules to that router. VLANs will add partial security with no cost and may be implementable on switches he already has (not that I'd ever use a VLAN to ensure any type of compartmentalization- but some people try.) Multihomed hosts add more layers of control, but at higher admin costs than routers.

> The conclusion..., which solution is the easiest and less expensive? ( I
> mean less hardware added...)
> I think that if firewall is needed, is subnetting really necessary? guess
> don't

Yes, subnetting is necessary to have a working addressing scheme that can cross a layer 3 boundary (router, firewall that isn't a bridge...)

> A multi-homed firewalling solution or a number of firewalls, one for each
> subnet.

Multihomed solutions are always cheaper, but provide little to no redundancy- and this is generally a good time to think about adding redundancy- though it'll add cost.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
