I have a Frame Relay circuit that I am running my WAN on and have spare
capacity. It would be nice to be able to take some of that capacity and
create a PVC between me and my ISP. Currently we have a dedicated
circuit to the ISP. Obviously, a DLCI on a pre-existing FR circuit will
save me a lot of $$$ over a dedicated circuit. With that in mind I have
several questions that I hope the group can help me with:

The circuit attaches to W1 on an ACC Amazon that has a W2 available. In
order to pass a DLCI to W2 to reach my firewall, I have to establish the
connection from W1 to the ISP's router, create a filter that will deny
all traffic from the DLCI to the rest of the network and force it all
out to W2 on the Amazon. The firewall attaches to my network and also
has a DMZ.

Is this architecture sound from a security perspective? Do I have
substantial risks on my W1 port? Will this architecture make my
internal WAN vulnerable to flooding?

Many thanks for your feedback...