This is not an unusual setup, my company also uses frame relay, and we have
28 offices accross the country. My first thought was to have a similar setup
to yours, but I have decided to have the net traffic come in to a separate
subnet with a couple of routers and a firewall machine at our main office.
I'm currently in the process of getting the hardware and software setup.
Kuojueng Fung
System Manager
Prentice Hall Legal & Financial Services
>
> My company's network is arranged in a way which would appear to make
> firewalling very difficult. We have offices in three cities which are
> connected to each other and to our network provider via a public
> frame-relay network.
>
> Internet
> |
> |
> -----------------
> | |
> office1 --------| frame relay |--------office2
> | |
> -----------------
> |
> |
> |
> office3
>
>
> There are virtual links between office 1 and the other three sites.
> Incoming data from the net therefore is routed by the service provider
> to office1, which in turn forwards it to office2 or office3.
> Similarly, traffic from office2 to office3 would flow through the
> router at office1.
>
> The fundamental problem with trying to set up a traditional firewall
> here is that the same T1 line brings in Internet traffic and
> interoffice traffic. How reliably can we filter the Internet traffic
> without interfering with the interoffice traffic?
>
> -----------------------------------------------------------------------------
> Eric Weber weber @
eskimo .
com
>
> This is my personal account. I have no affiliation with Eskimo, other
> then being a subscriber.
> -----------------------------------------------------------------------------
>
|
|
