Dear Firewall-users,

Recently there has been a requirement to link up securely some remote branches. To do this it has been proposed to use firewalls not to do VPN in the strict sense of the word, but to implement packet filtering effects to limit access to the remote machines.

For example, let's say branch A wishes for branch B to see computer X. Both branch A and B have firewalls. Branch A places (or using NAT gives) computer a real IP outside branch A's firewall. But since anyone can now access this real IP, an upstream packet filter (firewall) is placed amid the traffic stream, effectively blocking (using rules) anyone accessing restricted real IP addresses downstream (i.e. at branch A). Similarly branch B would use the same methodology. This schema is replicated for up to 4 branches that wish to restrict access to particular computers and the internet in general without compromising security too much.

------------     --------------     ------------     ------------------------     ------------------------------
| Branch A |-----| Firewall A |-----| real IPs |-----| Firewall B filtering |-----| Internet -> other branches |
------------     --------------     ------------     ------------------------     ------------------------------

Does this have any security implications besides un-encrypted packets travelling over the public network? If so, what other methods could be used, considering every branch does not want to change its current infrastructure much, does not want to have to use a specific firewall for firewall A nor change what they have, and firewall B may also be a different box at every location!

Also, if a 'VPN' were to be used, how could one be set up between all branches as one VPN, rather than having nxn (n squared) VPNs?

Kind regards,
Colin Horsington
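As an added illustration (not part of the original post or any product mentioned in it), the following models the upstream "Firewall B filtering" box described above: an ordered ruleset that lets only the other branches' address ranges reach the real IP given to computer X. The host address and branch ranges are constructed placeholders, not real networks.

```python
import ipaddress

# Constructed example values: the "real IP" given to computer X at branch A,
# and the public address ranges of the branches allowed to reach it.
EXPOSED_HOST = ipaddress.ip_address("203.0.113.10")
BRANCH_RANGES = {
    "B": ipaddress.ip_network("198.51.100.0/24"),
    "C": ipaddress.ip_network("192.0.2.0/24"),
}

# Ordered ruleset for the upstream filter: first match wins, and a final
# catch-all drops everyone else who tries to reach the exposed host.
RULES = [(net, EXPOSED_HOST, "accept") for net in BRANCH_RANGES.values()]
RULES.append((ipaddress.ip_network("0.0.0.0/0"), EXPOSED_HOST, "drop"))


def filter_packet(src, dst):
    """Decide the fate of a packet from src to dst at the upstream filter.

    Returns 'accept' or 'drop' for traffic aimed at the exposed host, and
    'pass' for other destinations this ruleset does not govern.  Note that the
    decision rests on the packet's source address alone; the public network
    between the branches does nothing to authenticate that address, which is
    the limitation a VPN would address.
    """
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    if dst != EXPOSED_HOST:
        return "pass"
    for src_net, dst_host, action in RULES:
        if src in src_net and dst == dst_host:
            return action
    return "drop"  # unreachable with the catch-all rule, kept as a safe default


if __name__ == "__main__":
    for s in ("198.51.100.7", "192.0.2.9", "203.0.113.200"):
        print(s, "->", EXPOSED_HOST, ":", filter_packet(s, str(EXPOSED_HOST)))
```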
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:45:15 PDT