Re: [fw-wiz] Forwarding traffic to an active IDS/Firewall
From: Vinicius Pavanelli Vianna (ds_at_hacked.com.br)
Date: 07/22/05
- Previous message: Dave Piscitello: "Re: [fw-wiz] Internet accessible screened subnet - use public orprivate IPs?"
- In reply to: Dale W. Carder: "Re: [fw-wiz] Forwarding traffic to an active IDS/Firewall"
- Next in thread: Aaron Smith: "Re: [fw-wiz] Forwarding traffic to an active IDS/Firewall"
To: "Dale W. Carder" <dwcarder@doit.wisc.edu>
Date: Fri, 22 Jul 2005 12:43:38 -0300
Hi,
This was exactly what I was looking for. PaulM sent me a Cisco page
that contains info about PBR on Cisco hw, so I will check it. The other
answer was to put the IDS/Firewall between the switch and the uplink on
the datacenter, but I think this is a better solution since it allows me
to do load balancing too in the future.
Thanks to all the people who helped me.
Dale W. Carder wrote:
>Thus spake Vinicius Pavanelli Vianna (ds@hacked.com.br) on Wed, Jul 13, 2005 at 06:39:35PM -0300:
>
>>Does anyone know how I can forward all traffic that comes to a Cisco Catalyst
>>switch to a gateway to do some IDS/Firewall/Traffic Shaping?
>
>Use a policy route to force the next-hop. I think that's the
>closest thing to what you want. However, given that traditional
>switches are more or less agnostic to layer 3 information, you can't
>do that unless you have a switch with a routing card, or actually
>have a router.
>
>If you're only looking for IDS stuff, most high end switches support
>port mirroring.
>
>So, a layer-2 solution could use vlans and have your IDS/Firewall/Traffic
>Shape thingy route, bridge, or proxy-arp between them.
>
>Or, use a PC or some other device that can make switching decisions
>based on higher level stack information.
>
>Dale
>
>----------------------------------
>Dale W. Carder - Network Engineer
>University of Wisconsin at Madison
>http://net.doit.wisc.edu/~dwcarder
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
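
The policy route suggested in the thread, sketched as Cisco IOS configuration for a layer-3 capable switch or router. This is an added example, not configuration posted by anyone in the thread; the interface names, route-map names, ACL numbers and addresses (documentation ranges) are assumptions made up for illustration.

```ios
! Constructed example: every name and address below is a placeholder.
!   192.0.2.0/24   server subnet behind the switch (assumed)
!   198.51.100.2   IDS/firewall gateway, outside leg (assumed)
!   198.51.100.6   IDS/firewall gateway, inside leg (assumed)

! Inbound: everything destined to the servers
access-list 101 permit ip any 192.0.2.0 0.0.0.255
! Outbound: everything sourced from the servers
access-list 102 permit ip 192.0.2.0 0.0.0.255 any

! Matching packets get the gateway as a forced next hop
! instead of the next hop chosen by the routing table.
route-map INSPECT-IN permit 10
 match ip address 101
 set ip next-hop 198.51.100.2

route-map INSPECT-OUT permit 10
 match ip address 102
 set ip next-hop 198.51.100.6

! PBR is applied where packets ENTER the device.
! Uplink side: divert traffic arriving from outside.
interface GigabitEthernet0/1
 description uplink (hypothetical interface name)
 ip policy route-map INSPECT-IN

! Server side: divert replies too, so a stateful gateway
! sees both directions of every flow.
interface Vlan10
 description server VLAN (hypothetical interface name)
 ip policy route-map INSPECT-OUT

! The links to the gateway itself carry NO policy; otherwise
! packets coming back from the gateway would be diverted to it
! again and loop.

! Check that the policy is attached and matching:
!   show ip policy
!   show route-map
```

If the forced next hop is not reachable, packets are forwarded by the normal routing table, so it is worth deciding whether that uninspected fallback is acceptable for the traffic in question.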