Re: Speed of firewall with AV/DI

From: Mark (nothere_at_notthere.com)
Date: 10/04/05


Date: 3 Oct 2005 17:44:07 -0500


"Somebody." <somebody.@spamout.russdoucet.com> wrote in message
news:_9e%e.17326$p5.6638@nnrp.ca.mci.com!nnrp1.uunet.ca...
>
> "Mark" <nothere@notthere.com> wrote in message
> news:433ca5db$0$6854$bb4e3ad8@newscene.com...
>> "CCMiami" <nospam@modeldriven.org> wrote in message
>> news:pQc_e.71344$Cc5.40250@lakeread06...
>> If you want a COMPLETE UTTERLY SECURE FROM VIRUSES BEYOND YOUR WILDEST
>> DREAMS network then investigate using a combination of Zoning, IPS/GAV,
>> and a switch that supports Multi-VLAN segmenting. The Allied Telesyn
>> 8524M does this. It allows you to stop LAN clients talking to each other
>> and thus spreading nasties.
>>
>> What you do is throw all your desktops and laptops into a LAN zone,
>> your servers into a SERVER zone and IPS/GAV between the zones. Because
>> the switch blocks the clients talking to anything but the Sonicwall they
>> can't spread nasties. You can do it on a TZ170 with the enhanced OS, but
>> you have to watch your throughput versus $$$ versus security ;)
>
> I love statements like that "utterly secure ..etc".
>
> No gateway device provides that unless it can detect viruses in pipes,
> kazaa, fragmented email messages, encrypted tunnels etc... which is
> impossible. Not to mention zero-day viruses.
>
> Also, are you planning on creating a separate VLAN for every single
> client? Have you ever tried to run a network bigger than 5 or 10 users
> that way?
>
> -Russ.
>

Yes actually. It's really easy to do, have a look at a switch, an Allied
Telesyn 8524M. It supports a feature called Multiple VLANs. It allows you to
assign an uplink port and automatically segments the rest of the ports. It's
fairly simple and straightforward to implement. That's a 24 port solution.
Then above that you use Protected and Private VLANs for larger installs.

Easy isn't it ;)


