Hello Luis,
No problem. Try this configuration:
                         ______
                        (      )
                       (Internet)
                        (______)
                           |    ----------
                           |    |Server01|
                           |  //----------
  _____                    | //                    _____
 (     )   --------     ---+-+---      --------   (     )
( Net-A )--|Router|--/--|firewall|--/--|Router|--( Net-B )
 (_____)   --------     ---+-----      --------   (_____)
                           |
                           /
                           |
                       --------         Note:
                       |Router|         --/-- = X.25
                       --------
                         __|__           //
                        (     )         // = ethernet
                       ( Net-C )
                        (_____)
The firewall has to have special characteristics, of course:
  - It has to support multiple interfaces
  - It has to support serial interfaces
  - It has to support X.25 interfaces
  - It has to support arbitrary security relationships among the interfaces
Firewall-1 software on a Sparc platform meets these needs. The Sparc platform supports many interface types, including X.25 and PPP.
Regards,
Don
>Date: Thu, 12 Dec 96 09:18:21
>From: israel . serrano @ solmelia . es
>Subject: Restricted access.
>
>Hi people
>
>I've come up with a little problem relating to secure intranets. The following
>picture shows the configuration (well, just a little part of it) of a network.
>
>                         ______
>                        (      )   ----------
>                       (Internet)--|FireWall|
>                        (______)   ----------
>                            |    ----------
>                            |----|Server01|
>                            |    ----------
>  _____                     |                     _____
> (     )   --------     ---------     --------   (     )
>( Net-A )--|Router|--/--|RouterA|--/--|Router|--( Net-B )
> (_____)   --------     ---------     --------   (_____)
>                            |
>                            /
>                            |
>                        --------         Note:
>                        |Router|         --/-- X.25
>                        --------
>                          __|__
>                         (     )
>                        ( Net-C )
>                         (_____)
>
>The idea is to 'create' a sub-network which would include Net-A, Net-B and
>Net-C, so they can have full access to each other (including services such
>as Telnet, ftp and so on). The WorkStations of this (let's call it department)
>should NOT be allowed to use any service (except maybe http, snmp or pop3)
>outside the department boundary. But, Server01 (to say one) should be able to
>telnet (for example) to any component of the department's net.
>
>And now the questions.
>a.- I'm pretty sure that I cannot use the Firewall properties to allow/disallow
>the above, right?
>b.- Then, how can I secure the Corporate network from the department network
>just the way described above? (do I have to set up a Firewall after RouterA?)
>
>Thanks for feedback.
>
>
>Luis Israel Serrano Barge
>Departamento de Sistemas de Información / Information Technology Department
>Sol Meliá (http://www.solmelia.es)
>email: israel . serrano @ solmelia . es
>Tlf: +34 (9)71 43 70 57 Fax: +34 (9)71 43 70 52
pollock @ houston . omnes . net Network Systems Engineer +1 713 513 3017
Omnes - A Schlumberger/Cable & Wireless Company http://www.omnes.net/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The true mark of intelligence is to learn from the experiences of others.
-------------------------------------------------------------------------
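
The access policy Luis describes, placed on the multi-interface firewall Don proposes, written as a first-match rule table with default deny. This is an added example, not part of either message and not Firewall-1 syntax; the addresses, zone names and rule names are constructed assumptions, and only connection initiation is modelled (replies are assumed to be handled by the firewall's connection tracking).

```python
import ipaddress

# Constructed addressing: the thread gives no addresses for any network.
ZONES = {
    "net-a": ipaddress.ip_network("10.1.0.0/16"),
    "net-b": ipaddress.ip_network("10.2.0.0/16"),
    "net-c": ipaddress.ip_network("10.3.0.0/16"),
    "server01": ipaddress.ip_network("10.0.0.10/32"),
}
DEPT = {"net-a", "net-b", "net-c"}       # the "department" sub-network
NON_DEPT = {"server01", "outside"}       # everything past the department boundary

# (rule name, source zones, destination zones, allowed (proto, port); None = any)
RULES = [
    ("dept-internal", DEPT, DEPT, None),                       # full access inside
    ("dept-outbound", DEPT, NON_DEPT,
     {("tcp", 80), ("udp", 161), ("tcp", 110)}),               # http, snmp, pop3
    ("server01-telnet", {"server01"}, DEPT, {("tcp", 23)}),    # admin access inward
]

def zone_of(addr):
    """Map an address to the firewall interface (zone) it sits behind."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "outside"  # anything else arrives on the Internet-facing interface

def decide(src, dst, proto, dport):
    """First matching rule wins; a new connection matching no rule is dropped."""
    s, d = zone_of(src), zone_of(dst)
    for name, srcs, dsts, services in RULES:
        if s in srcs and d in dsts and (services is None or (proto, dport) in services):
            return ("accept", name)
    return ("drop", "default-deny")

if __name__ == "__main__":
    # Constructed flows: (source, destination, protocol, destination port)
    for flow in [("10.1.0.5", "10.3.0.9", "tcp", 21),
                 ("10.2.0.7", "203.0.113.4", "tcp", 23),
                 ("10.0.0.10", "10.2.0.7", "tcp", 23)]:
        print(flow, decide(*flow))
```

Returning the matching rule name with each verdict makes it easy to check that a flow is accepted for the intended reason and not by an overly broad rule.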