Christopher McGill wrote:
Hi Again,
Also forgot to mention. The have a dedicated NIC for the DMZ, I am going
to place all the DMZ bastion hosts on a dedicated switch and place an
additional nic in each enforcement point to connect to this. I am not
thrilled about the previous setup with all the VLAN in terms of security as
it is, noway am I placing the DMZ on physically the same device.
The more I think about this setup, the more I coming to the conclusion,
that the topology of clusterxl object is going to be nuts.,,,,,
Perhaps a l3 switch would be a better solution.. Maybe if I pick a lower
spec server :)
probably you worry too much; there hasn't been in a very long time any
exploit that would allow an attacker to do vlan hopping on switches.
sin
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
