Mubin,
This is a tough question to answer without a better understanding of
your network and the various services running on it. It also comes down to
a security methodology of do you want physical or logical separation. For
example I prefer to have the perimeter devices as physically separate as
possible. I have seen people connect their boarder router, F/W, and dmz
severs all onto the same core switch. This just scares me. I typically
like the boarder router and fw on one smaller switch and dmz on a second,
then core on a 3rd. Not all environments can due this.
you may want to take a look at our website http://www.redseal.net I
would be happy to hook you up with a demo of our software, I would even do a
webex once you have it up and running to help you with this question. Let
me know if your interested.
Cheers,
Brian
--------------------------------------------------------------------
Brian Laing
Chief Security Officer
Cellphone: +1 650.280.2389
Office: +1 (888) 845-8169 Ext. 805
Email: brian@redseal.net
Redseal Systems http://www.redseal.net
Instant Visibility. Threats Averted.
-------------------------------------------------------------------
From: Mubin Shaikh <mubines@yahoo.com>
Date: Wed, 20 Jun 2007 04:34:04 -0700 (PDT)
To: <security-basics@securityfocus.com>
Subject: Firewall positioning in Large Network
Resent-From: <security-basics-return-44888@securityfocus.com>
Resent-Date: Wed, 20 Jun 2007 11:28:53 -0600 (MDT)
Hi,
Question -
What is the best logical placement for firewall in
large network?
If I have 3000+ user organisation with both core and
access switch available, will i connect my firewall to
core switch or access switch ? and why ?
Thanks
-Mubin
____________________________________________________________________________
________
Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel
and lay it on us.
http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
