RE: [fw-wiz] vpn end-point
From: Frederick M Avolio (fred_at_avolio.com)
Date: 03/19/04
- Previous message: Dave Piscitello: "RE: [fw-wiz] vpn end-point"
- In reply to: Dave Piscitello: "RE: [fw-wiz] vpn end-point"
- Next in thread: Dave Piscitello: "RE: [fw-wiz] vpn end-point"
- Reply: Dave Piscitello: "RE: [fw-wiz] vpn end-point"
To: Dave Piscitello <dave@corecom.com>, paul <paul@compuwar.net>, "Claussen, Ken" <Ken@kccweb.com>
Date: Fri, 19 Mar 2004 11:48:01 -0500
At 08:40 AM 3/19/2004 -0500, Dave Piscitello wrote:
>I am surprised no one mentioned that terminating VPN at the firewall lets
>you distinguish VPN traffic from all other traffic routed through the
>firewall (without topological or addressing finagling), and protects VPN
>traffic to the security policy enforcement point, e.g., across the "DMZ"
>you have between the router and firewall (unless the router-firewall link
>is a crossover cable, it's a network, and I've seen people throw IDS/IPS,
>performance analysis devices, and gee, how about a web server there - and
>that's only the list of systems they learn about).
Which begs the question: How many of you with firewall/VPN combinations can
and do configure the VPN to functionally terminate before the firewall?
Some firewall/VPN boxes assume no firewalling for VPN connections. I.e., if
you are authenticated, you are in.
f
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards