Great Circle Associates Firewalls
(December 1995)
 


Subject: Re: TokenRing Firewalls
From: Kenneth Smith <Kenneth_Smith @ countrywide . com>
Date: 7 Dec 95 7:19:59
To: firewalls <firewalls @ greatcircle . com>

Darren Reed wrote:
 
>> I have recently joined this group in hopes of seeing how to protect our 
>> network(s).  In all the conversations I have been following, I have only 
>> seen references to Ethernet.  I am wondering if there are any TokenRing 
>> based firewall packages?  We are mostly TR with some Ethernet.  We do have 
>> a couple of Cisco routers (2500 & 4000's).  We are TR attached to our service
>> provider thru the 2500.  Any comments would be appreciated.  

>The link layer (Token Ring/Ethernet/PPP) should not make any difference to
>your firewall.  If you go for the proxy firewall, it makes 0 difference,
>only some packet filter types might have trouble if they've only been
>implemented to support Ethernet frames.  ie it won't be of concern to your
>ciscos if you include them as part of your firewall.

>The only box that I could imagine having some trouble would be SunScreen
>(or other NATs) which don't plug into Token Ring (?).

In theory this should be so -- Token Ring and Ethernet are both packet-based 
media whose packets can be made to correspond on a roughly 1:1 basis with IP 
datagrams.  This makes it much easier to support at the network level than, 
say, ATM cells.

Unfortunately, the realities of the marketplace dictate that it is not always 
true.  Firewalls based on proprietary OS's or extremely stripped-down Unix 
variants typically provide driver support for only a limited number of network 
cards -- and token-ring cards generally aren't high on their list.  For 
instance, the Borderware firewall which our company has purchased supports only 
Ethernet -- while our shop is straight Token-Ring.  So add another $4000 or so 
(and added complexity and hop-counts) for a router to sit between our main 
network and the Ethernet hub to which our firewall is connected.  It's not that 
they can't, or even that it would be particularly difficult.  They just haven't 
gotten around to it.

Ken Smith
Independent National Mortgage
