My company has two problems. One, we need a firewall system. We have been
using the FWTK plus packet filtering on the router provided by our
ISP, but we are about to change ISPs and we have never been comfortable
with having someone else responsible for our security. Consequently, we are
in the market for a full commercial firewall system.
The second problem is that we are running out of IP addresses in our internal
networks. We have several class C networks assigned to us, but our network
partitions into two logical networks. Each of these is already at about
250 or so hosts, with more on the way. So, I see two possible solutions.
First possibility, combine our Class C addresses. Our addresses are
4 consecutive networks, with the third octets being 16, 17, 18 and 19.
We are maxed out on 16 and 17, with 18 unused and 19 nearly so and able to
be folded into one of the other nets. My thought is to specify a subnet
mask of 255.255.254.0 and logically combine the four networks of 255 addresses
each into 2 networks of 510 addresses each. The only problem I have is I
don't know if that is even legal, or if so, then if it is supported by the
vendors of our systems. We are mixed Sun, SGI, Mac, PC.
The second possibility (I bet you can guess this one) is to get an
address-translating firewall and use the enterprise private Class B
network. There are two ways that this can work as near as I can tell.
One is like the Private Internet Exchange from Network Translation
(now Cisco) which uses dynamic packet filtering to transparently map the
addresses used. The other is via a set of application gateways, so that all
connections appear to be from the Firewall system.
The problem I have is that I do not know which firewalls can do which of
these types of translations. Gauntlet used to be able to do this via the
application gateway route, but with the semi-transparent proxies they
have developed, I do not know if this is still the case.
So how about it, you firewall vendors and evaluators, which firewall systems
can help me out? Which firewalls support use of enterprise private addresses?
Brian Utterback blu @
com Manager Technical Networks
Mercury Computer Systems, Inc. (508) 256-1300x168
199 Riverneck Road (508) 256-3599 FAX
Chelmsford, MA 01824 You can't grep dead trees.
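
The 255.255.254.0 grouping proposed in the message, worked through as an added example (not part of the original post). The post gives only the third octets, so the 198.18 prefix is a constructed placeholder and the function names are hypothetical; the second call shows the alignment edge case where two adjacent networks do not share a block.

```python
import ipaddress

# Constructed sample: the post names only the third octets (16-19); the
# leading 198.18 is a placeholder, not the poster's real address space.
CLASS_C_NETS = [ipaddress.ip_network(f"198.18.{o}.0/24") for o in (16, 17, 18, 19)]
PROPOSED_MASK = "255.255.254.0"


def combine(nets, mask):
    """Group networks by the block each falls into under `mask`."""
    prefixlen = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    groups = {}
    for net in nets:
        if net.prefixlen < prefixlen:
            raise ValueError(f"{net} is already larger than a /{prefixlen}")
        groups.setdefault(net.supernet(new_prefix=prefixlen), []).append(net)
    return groups


def report(nets, mask):
    """Return (block, members, complete, usable_hosts) for each block.

    `complete` is True only when every /24 inside the block was supplied,
    i.e. the mask really merges whole assigned networks and does not reach
    into address space that belongs to someone else.
    """
    rows = []
    for block, members in sorted(combine(nets, mask).items()):
        expected = list(block.subnets(new_prefix=24))
        complete = sorted(members) == expected
        usable = block.num_addresses - 2  # minus network and broadcast
        rows.append((str(block), [str(m) for m in members], complete, usable))
    return rows


if __name__ == "__main__":
    print("All four networks under", PROPOSED_MASK)
    for row in report(CLASS_C_NETS, PROPOSED_MASK):
        print("  ", row)

    # Edge case: 17 and 18 are adjacent but straddle a block boundary,
    # so the same mask puts them in two different, half-filled blocks.
    print("Networks 17 and 18 only")
    for row in report(CLASS_C_NETS[1:3], PROPOSED_MASK):
        print("  ", row)
```

Any router or firewall filter written against the individual networks has to be rewritten against the combined blocks, or hosts in the second half of each block will not match.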