I'm assuming you are talking about devices that can be assigned 1 IP number on all the interfaces like the Watchguard, and the NetScreen.
These devices still function on layer 3 for their connectivity, but use a proxy-arp to determine which interface certain IP's are on. Thus it forwards packets destined for the mac address on either side, but still examines the packet on layer 3 and up. M. Dante Mercurio, CCNA, MCSE+I, CCSA Consulting Services Manager Continental Consulting Group, LLC www.ccgsecurity.com <http://www.ccgsecurity.com> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > -----Original Message----- > From: ashley thomas [mailto:[EMAIL PROTECTED]] > Sent: Saturday, January 05, 2002 9:17 PM > To: [EMAIL PROTECTED] > Subject: Firewall: a basic question > > > hi, > > which is the lowest layer where a firewall can be implemented > ? i guess, it is network layer (layer 3) > > in that case , how is firewall implemented on bridges , which > is a layer 2 > device ? > > thanks > ashley > > > > > _________________________________________________________________ > Chat with friends online, try MSN Messenger: http://messenger.msn.com > >