Okay, I give up trying. I will then try to put the Linux Proxy client back on 
the network, operating as before, and another time, with more tranquility, I 
will explain to him that this is not the best scenario and explain the 
security holes that exist, as in the case of an application in which you want 
static IP equipment.

Thanks for the support of all the friends here. The list of safety 
observations made here by everyone will serve me as a new learning experience 
for future projects. I was always in favor of physical segmentation as well, 
with each group of machines or VLANs on separate switches, but as I explained 
before, the client does not have the necessary equipment for this, not now.

Thank you!


Ivanildo Galvão - MCP, MCT, MCSA, VSP
Technology Consultant
Tel. (84) 3201 2146                 | Cel. (84) 9111 8873
ivani...@itservices.com.br    | www.itservices.com.br 
Twitter: @ivanildogalvao 
  






-----Original Message-----
From: Jim Pingle [mailto:li...@pingle.org] 
Sent: Friday, September 2, 2011 09:15
To: support@pfsense.com
Subject: Re: RES: RES: [pfSense Support] Static ARP

On 9/2/2011 8:09 AM, Ivanildo Galvão - IT Services wrote:
> Please excuse my ignorance, but can you give me examples of the risks posed 
> by this scenario? It serves as a basis to explain to the client that even in 
> the previous solution with Linux, the setting was already correct.

I just said it in my last e-mail. As have others here.

If you have multiple subnets in the same network with no layer 2 segregation 
(physical or VLAN), there is zero security gained by that practice.

All a client has to do is change the IP settings on their network card from 
DHCP to a static IP in any of the subnets, and they can talk to anything there.

Even if you put static ARP on the firewall, that gains you no protection 
between the clients, servers, etc, in those other subnets.

Jim

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional 
commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org
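
An added example, not part of the original thread: a monitoring check for the 
case Jim describes, where a host on the shared segment is seen using an address 
in a subnet it was not assigned to. The subnets, MAC addresses and observations 
are constructed sample data, and the function names are hypothetical; the 
observations are assumed to come from a sensor on the shared segment, since 
traffic between hosts there never crosses the firewall.

```python
import ipaddress

# Constructed sample data: two subnets sharing one switch, no VLANs.
SUBNETS = {
    "staff": ipaddress.ip_network("192.168.10.0/24"),
    "servers": ipaddress.ip_network("192.168.20.0/24"),
}

# MAC -> subnet the device is meant to live in (e.g. from DHCP static mappings).
ASSIGNED = {
    "00:11:22:33:44:01": "staff",
    "00:11:22:33:44:02": "staff",
    "00:11:22:33:44:10": "servers",
}

# (ip, mac) pairs observed on the shared segment (constructed).
OBSERVED = [
    ("192.168.10.21", "00:11:22:33:44:01"),
    ("192.168.20.5", "00:11:22:33:44:10"),
    ("192.168.20.77", "00:11:22:33:44:02"),  # staff MAC with a servers address
    ("192.168.10.99", "00:11:22:33:44:FF"),  # MAC with no assignment at all
]


def subnet_of(ip):
    """Return the name of the configured subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in SUBNETS.items():
        if addr in net:
            return name
    return None


def find_subnet_mismatches(observed, assigned):
    """List (mac, ip, reason) for hosts seen outside their assigned subnet."""
    findings = []
    for ip, mac in observed:
        mac = mac.lower()
        expected = assigned.get(mac)
        seen_in = subnet_of(ip)
        if expected is None:
            findings.append((mac, ip, "unknown MAC"))
        elif seen_in != expected:
            findings.append((mac, ip, f"assigned to {expected}, seen in {seen_in}"))
    return findings
```

This only reports what is seen on the wire; it does not provide the separation 
that physical or VLAN segregation does.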

