Great Circle Associates Firewalls
(August 1994)
 


Subject: Re: screened host configuration
From: paul @ hawksbill . sprintmrn . com (Paul Ferguson)
Date: Mon, 1 Aug 1994 18:55:39 -0500 (EST)
To: dmargrav @ clark . net (David T. Margrave)
Cc: firewalls @ greatcircle . com
In-reply-to: <199408012009 . QAA25861 @ clark . net> from "David T. Margrave" at Aug 1, 94 04:09:13 pm


> 
> Any opinions on this?
> 

But of course.  ,-) 


> 
> 
> Normal:
>                                       Bastion Host  
>                                         |
> Internet -----> Screening Router -------|
>                                         |
>                                       Inside Network 
> 
> 
> 
> Modified:
> 
> 
>             Bastion Host 
>               |  
> Internet -----|-----> Screening Router ----> Inside Network
>


Actually, if you have the hardware, you may want to consider:


                                                   | 
 internet -----+------> bastion host -------+------+ local ethernet
               |              a             |      | 
            screening                   screening
             router                      router
               a                           b 


This way, "bastion host a" can be the sole occupant for a particular
network, what we call a perimeter network. This box can not only act
as a "bastion," as folks like to call them, but it can also house all
proxy services and act as an application gateway, if necessary.

This box can also be the only IP network advertised to the remainder
of the Internet community in the policy routing database. 

Just a spin on things.

Cheers,


_______________________________________________________________________________
Paul Ferguson                         
US Sprint 
Managed Network Engineering                        tel: 703.904.2437 
Herndon, Virginia  USA                        internet: paul @ hawk . sprintmrn . com
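
The two-router layout in the message above, modelled as an added example (not part of the original post or thread): it checks which packets the pair of screening routers would forward when the bastion host is the sole occupant of the perimeter network. The address plan, rule lists and function names are all constructed assumptions.

```python
import ipaddress as ip

# Constructed address plan (documentation and private ranges); none of it is from the post.
PERIMETER = ip.ip_network("192.0.2.0/24")   # perimeter network
BASTION = ip.ip_network("192.0.2.10/32")    # "bastion host a", its sole occupant
INSIDE = ip.ip_network("10.0.0.0/8")        # local ethernet
ANY = ip.ip_network("0.0.0.0/0")

# First-match rules: (action, arrives_from, source, destination); implicit deny at the end.
ROUTER_A = [
    ("deny",   "internet",  PERIMETER, ANY),      # spoofed perimeter source
    ("deny",   "internet",  INSIDE,    ANY),      # spoofed inside source
    ("permit", "internet",  ANY,       BASTION),  # outside world may talk to the bastion only
    ("permit", "perimeter", BASTION,   ANY),
]
ROUTER_B = [
    ("permit", "perimeter", BASTION, INSIDE),     # only the bastion reaches the inside
    ("permit", "inside",    INSIDE,  BASTION),    # inside hosts go through the bastion's proxies
]
# A router with no filtering at all, used to show what the other router still enforces.
OPEN_ROUTER = [("permit", z, ANY, ANY) for z in ("internet", "perimeter", "inside")]

ZONES = ["internet", "perimeter", "inside"]       # left to right in the diagram


def zone_of(addr):
    a = ip.ip_address(addr)
    if a in INSIDE:
        return "inside"
    return "perimeter" if a in PERIMETER else "internet"


def permits(rules, arrives_from, src, dst):
    for action, zone, s, d in rules:
        if zone == arrives_from and ip.ip_address(src) in s and ip.ip_address(dst) in d:
            return action == "permit"
    return False


def delivered(origin_zone, src, dst, router_a=ROUTER_A, router_b=ROUTER_B):
    """True if a packet injected in origin_zone is forwarded all the way to dst's zone."""
    routers = [router_a, router_b]                # routers[i] sits between ZONES[i] and ZONES[i+1]
    here, goal = ZONES.index(origin_zone), ZONES.index(zone_of(dst))
    step = 1 if goal > here else -1
    while here != goal:
        if not permits(routers[min(here, here + step)], ZONES[here], src, dst):
            return False
        here += step
    return True
```

With router a left unfiltered, router b still drops Internet-sourced packets addressed to the inside, but a packet carrying the bastion's source address is forwarded, which is why the source-address checks belong on router a.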

