Re: LAN access while VPN is up
From: Triffid (triffid_at_nebula.net)
Date: 11/03/05
- Next message: jameshanley39_at_yahoo.co.uk: "Re: port forwarding/ opening port"
- Previous message: Triffid: "Re: LAN access while VPN is up"
- Maybe in reply to: Moe Trin: "Re: LAN access while VPN is up"
- Next in thread: Triffid: "Re: LAN access while VPN is up"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 02 Nov 2005 20:31:17 -0500
Somebody. wrote:
> "Triffid" <triffid@nebula.net> wrote in message
> news:Eucaf.5510$LF3.626347@news20.bellglobal.com...
>
>>
>>Somebody. wrote:
>>NS says:
>>
>>"The Work and Home zones allow you to segregate users and resources in
>>each zone. In this mode, default policies allow traffic flow and
>>connections from the Work zone to the Home zone, but do not allow traffic
>>from the Home zone to the Work zone".
>>
>>I understood you have full control of work -> home policy, but cannot
>>create home -> work policy. That would meet my needs, are you saying it's
>>not the case?
>
>
> I'm saying we tricked a NS into breaking that principle, but in a normal
> configuration, you won't likely see that happen. So, forget I said
> anything. :-)
Not likely - I don't let things like that slide, as they are frequently
indicative of a design issue that will bite you in other ways. Did you
open a case?
>>>However I've found a far more flexible option is to put in a FG60 for
>>>folks working at home with kids. You have separate interfaces (internal,
>>>DMZ, WAN1, WAN2) that can be arbitrarily configured any way you like (add
>>>in VLANS if you want to get crazy with zones) with total control over all
>>>traffic between all zones with multiple site-to-site VPNS. You can even
>>>block porn and other nefarious sites for the kids, AV all your mail and
>>>browse traffic, block whatever IMs you want, and put IPS on the works,
>>>block some adware, and log and track all the kids browse and email
>>>traffic. For around $1K for hardware and the first year of
>>>subscriptions.
>>
>>At roughly 4x what I have invested in the Netscreen, I would certainly
>>expect far more flexibility :-) However, I have my eye on a pair of 208s
>>that are likely to be swapped out soon...
>>
>>Triffid
>
>
> Well if you're comparing used hardware without support against new hardware
> with support and AV/IPS/SPAM/filtering subscriptions, that might account for
> the price difference. :-)
I'm not - my 5GT was new when I bought it on eBay, and I was able to
negotiate support and subscriptions for it at very reasonable rates in
conjunction with a hardware order. Sure I had leverage not available to
all, but the bottom line is just that...
> 208s are very nice boxes, just don't expect to do any Deep Inspection with
> them. Stateful packet inspection only.
No? Not supported, or not enough horsepower? (I don't 'own' any 208s at
work, so don't have much experience with them)
Triffid