Although you can run more than two interfaces on one box, there are
some problems; the two that spring straight to mind are:
- Increasing complexity of the configuration when simplicity should
always be an aim. This increases the danger of mis-configuration,
especially if changes have to be made at a later date.
- If the worst happens and your first machine is compromised a second
box will delay the cracker again before they get into your main
network. You don't have this extra line of defense if all is on one
box.
As always, you have to balance all the requirements in your setup; there
is no one answer fits all.
Regards,
Robin.
______________________________ Reply Separator _________________________________
Subject: RE: Dual firewall solution (??)
Author: owner-firewalls-outgoing@GreatCircle.COM at INET-1
Date: 6/24/97 12:48 PM
Ok, I thought of that too.
However, Firewall-1 (like - I think - any commercial Firewall) allows several
interfaces, so there's no need to have 2 of them. My point is, can't you
'mathematically' reduce a solution with 2 cascaded firewalls to 1 firewall,
given that it has 2 or more interfaces? As I see it, it will only cause an
overhead.
Thanks,
manuel