--------
From academic-firewalls-owner@net.tamu.edu Tue Nov 26 08:35:33 1996
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1155
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Date: Tue, 26 Nov 1996 11:07:34 -0300
From: "Mariano Alejandro Orsili"
To: academic-firewalls@net.tamu.edu

unsubscrive morsili@act.net.ar

--------
From academic-firewalls-owner@net.tamu.edu Tue Nov 26 11:27:52 1996
Apparently-To: academic-firewalls@net.tamu.edu
Date: Tue, 26 Nov 1996 18:21:40 +0100
From: "M. Zanforlin Sys Admin"
To: academic-firewalls@net.tamu.edu

unsubscrive mzanforl@mil-co.it.dhl.com

--------
From academic-firewalls-owner@net.tamu.edu Wed Nov 27 11:33:46 1996
Organization: Computer Centre, Cranfield University
X-Mailer: Mozilla 3.0Gold (X11; I; Linux 2.0.18 i586)
MIME-Version: 1.0
Newsgroups: comp.security.firewalls
CC: p.lister@cranfield.ac.uk, academic-firewalls@net.tamu.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Wed, 27 Nov 1996 17:02:09 +0000
From: Peter Lister
To: academic-firewalls@net.tamu.edu
Subject: Using an ATM VLAN for a central "hub" firewall

We are shortly going to replace our campus backbone with ATM, which will give us the flexibility to join arbitrary hub ports together as virtual LANs separate from the main campus LAN and the Internet-at-large.

I'm considering using VLANs to connect several bridged Ethernets to a single central firewall. Each administratively separate Ethernet still has its own firewall policy for connection to the main campus and the Internet, but only one firewall system is required (possibly even with only one net interface if ATM is clever enough), which will be physically secured in the Computer Centre machine room.

Obviously, we must trust the ATM h/w (the cabinets will be locked) and s/w (SNMP requests will be properly authenticated). Tapping the fibre is a possibility, but one I think we can live with (breaks are fairly noticeable, and specialised h/w is required).

Organisationally, the firewall hub would be under the control of the Computer Centre, where the most net experience lies - departmental system admins for the areas in question don't have a great deal of net experience (no disrespect to them, it's just not their job). Departments would still have control over the *policy*, but the Computer Centre would *implement* that policy. Further, the marginal costs of firewalling another section of the net would be minimal, only software tweaking of ATM and firewall is required.

I can't see a problem with this kind of set-up, but feedback (positive and negative) from sites which have attempted something similar is appreciated.

Peter Lister                             Email: p.lister@cranfield.ac.uk
Computer Centre, Cranfield University    Voice: +44 1234 754200 ext 2828
Cranfield, Bedfordshire MK43 0AL UK      Fax: +44 1234 751814
- ------------------------------------------------------------------------
(1) "Yes" (2) "No" (3) "That would be an ecumenical matter"
- ------------------------------------------------------------------------

--------
From academic-firewalls-owner@net.tamu.edu Fri Nov 29 09:12:30 1996
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1155
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Date: Fri, 29 Nov 1996 16:47:49 +0200
From: "Antti J. Loikkanen"
To: academic-firewalls@net.tamu.edu

unsubscrive antzu81@netti.fi