Re: [fw-wiz] Real Traffic Testing
From: John Adams (jna_at_retina.net)
Date: 10/24/03
- Previous message: Lagula, Cecil: "RE: [fw-wiz] (no subject)"
- In reply to: Gianpiero Porchia: "[fw-wiz] Real Traffic Testing"
- Next in thread: Luca Berra: "Re: [fw-wiz] Real Traffic Testing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Gianpiero Porchia <gianpiero.porchia@atsweb.it> Date: Fri, 24 Oct 2003 14:47:39 -0700 (PDT)
> - Get traffic from OUTSIDE to INSIDE using TAP-1
> - Get traffic from INSIDE to OUTSIDE using TAP-2
This looks like asymmetric routing to me, and I don't see how you're going
to make this work.
Are these stateful firewalls? How are the two firewalls going to share the
state table for inbound/outbound packets and handle them correctly?
> The problems:
> - The traffic is directed to the MAC address of FW, so FW-test will drop it;
Well, the packets are rewritten by your outside router on the way in, and
the router isn't going to know which firewall handled the transaction.
> Have you some idea to get the objectives?
You can't make this work unless the firewalls are in some sort of active,
redundant configuraiton, with exactly the same configuartions and shared
state tables.
-john
-- J. Adams http://www.retina.net/~jna _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Lagula, Cecil: "RE: [fw-wiz] (no subject)"
- In reply to: Gianpiero Porchia: "[fw-wiz] Real Traffic Testing"
- Next in thread: Luca Berra: "Re: [fw-wiz] Real Traffic Testing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
