On Sat, Apr 20, 2013 at 6:26 PM, Tom Jensen <
[email protected]> wrote:
>
> I have been a long time Shorewall user. My company has grown and it was
> time to decommission many of the old servers and network devices.
>
> I was contemplating ditching Shorewall in my new network configuration. I
> originally bought a new Cisco all-in-one VPN/Firewall/Wireless AP product in
> order to consolidate many existing devices. I soon learned how undesirable
> that device was. The Internet forums are filled with user complaints and
> documented bugs with no workarounds. So this brand new device is being
> repurposed as a paperweight and I am turning back to my trusty Shorewall.
>
> [cut]
>
I too am using VLANs quite extensively, 21 at one site, 19 at another.
They simplify physical switch configuration and wiring immensely and
provide excellent security for traffic on the same switch.
In my scenario I have Shorewall at both locations acting as the firewall
between all the VLANs. My switches do not route between VLANs, but I don't
have heavy traffic utilization so this is not needed.
While my servers have 2 NICs, I typically only use one. The ISPs' devices are
on a VLAN with only my Shorewall machine, so only Shorewall can route
traffic in/out of each ISP. Each ISP gets a VLAN.
I also have multiple ISPs at each location (2 at one location, 3 at
another, with 4 accounts on one ISP).
If you are starting from scratch, I'd recommend steering away from the
default VLAN, which is typically VLAN 1, for network devices -- at least if you
are security conscious. I wasn't aware of this coming in. It means that if I
don't configure a port specifically, it's on VLAN 1, which of course is where
all the network equipment resides.
-- lee brown
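The layout Lee describes (one Shorewall host as the only router between the VLANs, each ISP on its own VLAN reachable only by the firewall) maps onto a small set of Shorewall configuration files. The following is an added example written for this page, not Lee's or Tom's configuration: the VLAN IDs, interface names, zone names and addresses (TEST-NET ranges for the ISP gateways) are assumptions, and the file formats are the classic Shorewall 4.x column layouts (four-column `interfaces` file, multi-ISP `providers` file). The 802.1Q subinterfaces (`eth0.10` and so on) are created by the OS network configuration, not by Shorewall; the firewall simply never gets an interface on VLAN 1.

```text
# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4      # both ISP VLANs land in one zone
srv     ipv4      # VLAN 10: servers
wks     ipv4      # VLAN 20: workstations
mgmt    ipv4      # VLAN 30: switch and AP management addresses

# /etc/shorewall/interfaces  (ZONE INTERFACE BROADCAST OPTIONS)
# No line for eth0 itself or for VLAN 1: untagged frames and the default
# VLAN have no zone, so nothing there can reach or transit the firewall.
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0.101    detect      tcpflags,nosmurfs
net     eth0.102    detect      tcpflags,nosmurfs
srv     eth0.10     detect      tcpflags,nosmurfs
wks     eth0.20     detect      tcpflags,nosmurfs,dhcp
mgmt    eth0.30     detect      tcpflags,nosmurfs

# /etc/shorewall/providers  (one routing table per ISP; example gateways)
#NAME   NUMBER  MARK    DUPLICATE   INTERFACE   GATEWAY         OPTIONS
isp1    1       0x1     main        eth0.101    203.0.113.1     track,balance
isp2    2       0x2     main        eth0.102    198.51.100.1    track,balance

# /etc/shorewall/masq  (NAT the internal VLANs out of either ISP)
#INTERFACE  SOURCE
eth0.101    10.0.0.0/8
eth0.102    10.0.0.0/8

# /etc/shorewall/policy  (first matching line wins; rules are checked first)
#SOURCE DEST    POLICY  LOG
$FW     all     ACCEPT
srv     net     ACCEPT
wks     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info   # every other VLAN-to-VLAN flow is denied unless a rule allows it

# /etc/shorewall/rules  (the only cross-VLAN traffic permitted)
#ACTION         SOURCE          DEST    PROTO   DPORT
ACCEPT          wks             srv     tcp     22,443
ACCEPT          wks             srv     udp     53
Ping(ACCEPT)    wks             srv
ACCEPT          wks:10.0.20.10  mgmt    tcp     22      # only the admin workstation reaches switch management
Ping(ACCEPT)    wks:10.0.20.10  mgmt
```

The point of the `all all REJECT` policy is that VLAN separation on the switch only buys you security if the one device that can route between VLANs denies by default; with that in place, adding a VLAN means adding one `interfaces` line and one `zones` line, and the rules file stays the complete list of what may cross a boundary. Check the result with `shorewall check` before `shorewall restart`, and with `shorewall show routing` when using the `providers` file, since a mistake there is what typically makes a multi-ISP setup silently fall back to a single uplink.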
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
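Lee's last point, that every unconfigured port on a default switch ends up in VLAN 1 together with the switch's own management interface, is usually fixed on the switch rather than on the firewall. The following is an added example for this page, not a configuration from anyone in the thread: it assumes a Cisco IOS access switch (the switch model in the thread is not stated), reuses the invented VLAN IDs 10/20/30/101/102, and adds an unrouted "parking" VLAN 999 for anything not deliberately assigned. The `switchport trunk encapsulation dot1q` line is rejected on platforms that only speak 802.1Q and is omitted there.

```text
! Define the VLANs that actually carry traffic, plus a parking VLAN
! that is never given an IP interface anywhere.
vlan 10
 name SERVERS
vlan 20
 name WORKSTATIONS
vlan 30
 name MGMT
vlan 101
 name ISP1
vlan 102
 name ISP2
vlan 999
 name PARKING
!
! Unused ports: parked and shut. A port that has not been configured
! on purpose must not end up in VLAN 1 with the switch itself.
interface range GigabitEthernet0/1 - 20
 switchport mode access
 switchport access vlan 999
 switchport nonegotiate
 shutdown
!
! Trunk to the Shorewall host: untagged frames go to the parking VLAN,
! not VLAN 1, and only the VLANs the firewall should see are carried.
interface GigabitEthernet0/24
 description trunk-to-shorewall
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30,101,102
 switchport nonegotiate
!
! Switch management moves to the mgmt VLAN; VLAN 1 keeps no address.
interface Vlan1
 no ip address
 shutdown
interface Vlan30
 ip address 10.0.30.2 255.255.255.0
 no shutdown
ip default-gateway 10.0.30.1
```

Two things to verify after applying this: `show interfaces trunk` should list 999 as the native VLAN on the uplink and only the five allowed VLANs as active, and `show vlan brief` should show no live port left in VLAN 1. Keeping the native VLAN unused for real traffic is also what removes the double-tagging VLAN-hopping case, since a frame whose outer tag is stripped on the trunk lands in a VLAN nobody is listening on.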