From: Mike Hunziker (MCHunziker_at_us.fortis.com)
Date: Wed Dec 01 1999 - 08:13:58 EST
Tom...the cisco 675 plugs into a hub...the machines connect to the hub.
Isn't that directly connected? Can't the cisco serve as the firewall with
port blocking? You would still need to lock down the windows machines
but there is no need to leave all ports open either.
>>> Tom Trottier <Tom_at_act.ca> 12/01/99 12:31am >>>
No, there is no "direct" connection. The firewall on the interface machine
would interface with the DSL, do any filtering, virus checking or
whatever,
translate the address the packet came in on, (IP or IP+port) & distribute
it to the appropriate machine with its own IP address in the subnet.
I'm just a dilettante - see
http://www.networkcomputing.com/netdesign/wall1.html
Tom
At 20:47 1999/11/30 -0800, Randal Whittle wrote:
>At 11:40 PM 11/30/1999 -0500, you wrote:
...
>>Actually, the firewall software only needs to be on the machine that
>>interfaces to the internet. Then you'd need a separate ethernet card to
>>connect up the other machines.
>>Tom
>
>Tom,
> Doesn't this assume a traditional server configuration?
> I'm looking at a situation where a small number of machines are
>peer-networked, all making use of a DSL Modem. In this configuration
(if I
>understand it properly), each machine is essentially connected to the
DSL
>line directly--which means each one would need individual protection at
a
>software level (or a piece of hardware between them and the
connection to
>the Internet, whether that is a server or a specialty firewall box such as
>the Sonic Wall I described either.
>
> In such a configuration--peer networked machines--am I mistaken
in
>presuming that each machine would require a software firewall to be
protected?
>
>- Randy Whittle
------------------
From:Tom Trottier, 400 Slater St. Suite 415,Ottawa ON Canada K1R 7S7
__o Voice: +1 613 291-1168 fax(no ads, please): 594-5412
_ \< "Make it as simple as possible, but no simpler" - Einstein
(*)/'(*) TomTrottier_at_hotmail.com
****************************************************************
Please Note
The information in this E-mail message is legally privileged
and confidential information intended only for the use of the
individual(s) named above. If you, the reader of this message,
are not the intended recipient, you are hereby notified that
you should not further disseminate, distribute, or forward this
E-mail message. If you have received this E-mail in error,
please notify the sender. Thank you
*****************************************************************
attached mail follows:
No, there is no "direct" connection. The firewall on the interface machine
would interface with the DSL, do any filtering, virus checking or whatever,
translate the address the packet came in on, (IP or IP+port) & distribute
it to the appropriate machine with its own IP address in the subnet.
I'm just a dilettante - see
http://www.networkcomputing.com/netdesign/wall1.html
Tom
At 20:47 1999/11/30 -0800, Randal Whittle wrote:
>At 11:40 PM 11/30/1999 -0500, you wrote:
...
>>Actually, the firewall software only needs to be on the machine that
>>interfaces to the internet. Then you'd need a separate ethernet card to
>>connect up the other machines.
>>Tom
>
>Tom,
> Doesn't this assume a traditional server configuration?
> I'm looking at a situation where a small number of machines are
>peer-networked, all making use of a DSL Modem. In this configuration (if I
>understand it properly), each machine is essentially connected to the DSL
>line directly--which means each one would need individual protection at a
>software level (or a piece of hardware between them and the connection to
>the Internet, whether that is a server or a specialty firewall box such as
>the Sonic Wall I described either.
>
> In such a configuration--peer networked machines--am I mistaken in
>presuming that each machine would require a software firewall to be
protected?
>
>- Randy Whittle
------------------
From:Tom Trottier, 400 Slater St. Suite 415,Ottawa ON Canada K1R 7S7
__o Voice: +1 613 291-1168 fax(no ads, please): 594-5412
_ \< "Make it as simple as possible, but no simpler" - Einstein
(*)/'(*) TomTrottier_at_hotmail.com
This archive was generated by hypermail 2.1.3 : Thu Jan 23 2003 - 09:55:38 EST