What are some examples of bridging firewalls? I heard that sonicwalls are bridging firewalls.
Tks. Rgds,
Simon

On Sat, 13 Apr 2002 00:28:12 +0200 Mikael Olsson <[EMAIL PROTECTED]> wrote:

> Yes, I'm in a sarcastic mood. I get that way when I see
> uninformed assertions. You've been warned.
>
> Diederik Schouten wrote:
> >
> > Bridged firewalls do not need subnet based address assignment on
> > their interfaces, you can have 10 interfaces with technically
> > overlapping IP address ranges on all.
> >
> > When you have to add the firewall to an already existing network,
> > you do not need to reconfigure any other device on the network,
> > your addressing schemes and routing stays exactly the same, the
> > only downtime you will have is due to the fact that you have to
> > connect the cables
>
> This is impossible with a routing firewall?
> Dzang, I must have only dreamed us doing that for all these years.
> [And all the other boxes doing that I don't remember right now]
>
> > Similar situations will require vast/intelligent routing on
> > a routed firewall
>
> Iface Destination
> ----- -----------
> eth0  10.0.0.0/8
> eth1  10.0.0.5-10.0.0.8
> eth2  10.0.1.0/24, -10.0.1.88
> vlan5 10.0.0.15, 10.0.0.18, 10.0.0.20-10.0.0.25
>
> Yeah, in our case, we needed to implement half an AI to get that
> to work. Took all of about an afternoon.
>
> > Link redundance without session loss is also extremely easy to
> > set up using a bridged firewall
>
> Hm I must also have been dreaming when I added those HA slaves
> with <1 second failover time. Using non-bridging firewalls.
> With less than five minutes of work per cluster (sans hardware
> install time, of course).
>
> > It will not show up as a gateway anywhere.
>
> Hm. Enable proxy arp on the internal interface for the entire
> default route. Problem solved -- it'll look like an L4 switch.
>
> > Traceroutes won't show it is there etc.
>
> Blocking traceroute isn't exactly rocket science.
> A determined firewall aims at blocking _firewalking_, plus
> variations thereof, by default. Are you suggesting that
> this won't stop that measly traceroute?
>
> > Unless you know its IP address already you will not be able
> > to find it.
>
> Nmap will tell me it is there in about 10 seconds. I betcha its
> signature sticks out like a sore thumb too.
>
> > Putting multiple firewalls in series to create for example more
> > ports becomes very easy, although for example with the Lucent BRICK
> > this is not necessary since it supports VLAN tagging and with a VLAN
> > capable switch you can create virtually any number of "virtual"
> > firewalls you might need, and give them all their own ruleset.
> > No need for recabling and expensive upgrades
>
> Jeez. I was wrong about VLAN support in routing firewalls too.
>
> And only using VLANs must be a SUPERIOR way of adding more interfaces.
> Especially given the "VLANs and security" thread going on right now.
>
> > a purpose-built firewall does not depend on the operating system of
> > the router/platform it is running at, lowering the chance of being
> > penetrated due to bugs in code other than for the firewall
>
> Although I agree 100% with what you are saying here, I cannot
> for the life of me grasp how this constitutes a "pro" for a bridged
> firewall over a routing firewall.
>
> In summary: you haven't convinced me in any way that a bridging
> firewall has a single security advantage (or even a management
> advantage) over a routing firewall.
>
> --
> Mikael Olsson, Clavister AB
> Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
> Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
> Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls

"Fanaticism consists in redoubling your efforts when you have
forgotten your aim." -George Santayana, Philosopher
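
As an added illustration (not code from the thread or from any firewall product), the range-based interface table in the quoted message can be resolved per destination as below. It assumes the narrowest matching range wins and that `-10.0.1.88` removes that address from eth2 so it falls back to eth0; the function names and the reverse-path source check are hypothetical additions.

```python
import ipaddress

# Interface table copied from the quoted message. "exclude" models the
# "-10.0.1.88" entry (assumed meaning: that address is not behind eth2).
ROUTES = {
    "eth0":  {"include": ["10.0.0.0/8"], "exclude": []},
    "eth1":  {"include": ["10.0.0.5-10.0.0.8"], "exclude": []},
    "eth2":  {"include": ["10.0.1.0/24"], "exclude": ["10.0.1.88"]},
    "vlan5": {"include": ["10.0.0.15", "10.0.0.18", "10.0.0.20-10.0.0.25"],
              "exclude": []},
}

def _rng(spec):
    """Parse a CIDR, 'first-last' range or single address into (lo, hi) ints."""
    if "/" in spec:
        net = ipaddress.ip_network(spec)
        return int(net.network_address), int(net.broadcast_address)
    if "-" in spec:
        lo, hi = spec.split("-")
        return int(ipaddress.ip_address(lo)), int(ipaddress.ip_address(hi))
    ip = int(ipaddress.ip_address(spec))
    return ip, ip

def egress_interface(dst):
    """Return the interface that owns dst, or None if no entry matches.

    Assumption: when ranges overlap, the narrowest matching range wins,
    the range-based analogue of longest-prefix match.
    """
    ip = int(ipaddress.ip_address(dst))
    best = None  # (range size, interface name)
    for iface, entry in ROUTES.items():
        if any(lo <= ip <= hi for lo, hi in map(_rng, entry["exclude"])):
            continue  # explicitly carved out of this interface
        for lo, hi in map(_rng, entry["include"]):
            if lo <= ip <= hi and (best is None or hi - lo < best[0]):
                best = (hi - lo, iface)
    return best[1] if best else None

def source_is_plausible(src, in_iface):
    """Reverse-path style check: accept a packet only if its source
    address belongs to the interface it arrived on."""
    return egress_interface(src) == in_iface

if __name__ == "__main__":
    for addr in ("10.0.0.6", "10.0.0.9", "10.0.1.5", "10.0.1.88", "10.0.0.22"):
        print(addr, "->", egress_interface(addr))
```
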
