Nothing, repeat NOTHING, in my company is in front of a firewall. The question is not whether it should be behind a firewall, the question is why it should be exposed to the Internet when it could be put behind a firewall.
I had a 3030 concentrator behind CP for a while and it worked fine. We used UDP Encapsulation. We filtered everything hitting the concentrator to make sure only the needed ports and protocols were allowed. Putting it in front of the firewall = a potential short circuit around the firewall. A small potential to be sure, but it's still there and does not need to be.

Ray

From: ". security" <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
To: [email protected]
Subject: [FW-1] checkpoint | cisco concentrator [design thoughts]
Date: Wed, 25 May 2005 20:09:56 -0500

We are going over a new network design, and trying to determine if this is overkill. Is it necessary to put a Cisco concentrator behind a firewall? I haven't been able to find a lot of documentation indicating that it's necessary. Here's the design we've come up with:

-public interface, located in the dmz statically NATd to a public address
-private interface also located in the same DMZ but on a different network this interface is pointed towards the internal network.

internet
   |
[firewall]-------------------------------------------------|DMZ
   |                         |                     |
   |                 public int [NATd]     private int [faces back to internal net]
   |
internal network

thoughts?

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
