Re: [fw-wiz] separating the servers on a switch

From: m p (sumirati@yahoo.de)
Date: 09/12/02


From: m p <sumirati@yahoo.de>
To: Shimon Silberschlag <shimons@bll.co.il>
Date: Thu Sep 12 14:16:16 2002


--- Shimon Silberschlag <shimons@bll.co.il> wrote:
> The servers need to talk with the uplink (internet) servers, the
> downlink (backend) servers. This is trivially done with the firewalls.
> What we want to do is control which servers on the segment talk among
> themselves.
>
> Shimon Silberschlag

There is basically only one way to do it: Install firewalls (or packet filters)
in the different DMZs. It would look like (in good old ASCII art):

    |
    | Uplink to the Internet
    |
 Firewall
    |
   DMZ public
    |
 Firewall
    |
    | "Downlink"
    |

   DMZ private

> ----- Original Message -----
> From: "m p" <sumirati@yahoo.de>
> To: "Shimon Silberschlag" <shimons@bll.co.il>
> Sent: Thursday, September 12, 2002 15:56
> Subject: Re: [fw-wiz] separating the servers on a switch
>
>
> > Hi Shimon,
> >
> > please decompress your question && resend it.
> >
> > thanks
> >
> > marc
> >
> > ps: look for the comment.
> >
> > --- Shimon Silberschlag <shimons@bll.co.il> wrote:
> > > Let's say we have an internet segment, protected by firewalls at both
> > > ends. On that segment are various servers.
> > > The servers need to talk to other servers outside the segment; uplink
> > > it's the internet, downlink the backend servers.
> > > Some of the servers need to be able to talk among them.
> >
> > ^-- from here on it is not clear which servers are which servers are on which
> > link they are.
> >
> > > We want to control which server can talk to which other server (in the
> > > segment), utilizing one of the firewalls (let's say the uplink one).
> > > Can the group suggest ways to accomplish that? We thought about using
> > > L2 switches with "private VLAN", L3 switches with ACL, but constantly
> > > come across problems doing the routing properly.
> > >
> >
> >
