Paul Robertson wrote:
>
> The firewall generally has one interface, if it's on the same segment as
> 60 clients, and it's in bridged mode, it must look at every packet on the
> wire- even when that traffic is client<->client rather than
> client<-through->firewall.

The comeback to which would be "but switches make sure that the firewall doesn't see client<>client packets", but that's when I thought of something _really_ evil.

With a bridging firewall, it becomes a breeze to transform the 1000-host, 5Gbps backplane LAN on the other side of the firewall into a hubbed 100mbps one.

OUCH, damnit! :) Now _there's_ a valid reason for worrying.

--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00
Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50
WWW: http://www.clavister.com

"Senex semper diu dormit"
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
