Hi,
As a rule of thumb, I disable DTP and change the native VLAN, as well as
prune those VLANs from the rest of the internal network. I suppose you're
right. :)
Christopher McGill
CCSE, CCSA, CCNA
On 3/18/07, sin <sin AT imacandi DOT net> wrote:
Christopher McGill wrote:
> Hi Again,
>
> Also forgot to mention. They have a dedicated NIC for the DMZ, I am going
> to place all the DMZ bastion hosts on a dedicated switch and place an
> additional NIC in each enforcement point to connect to this. I am not
> thrilled about the previous setup with all the VLANs in terms of security as
> it is, no way am I placing the DMZ on physically the same device.
>
> The more I think about this setup, the more I am coming to the conclusion
> that the topology of the ClusterXL object is going to be nuts.
>
> Perhaps an L3 switch would be a better solution. Maybe if I pick a lower
> spec server :)
Probably you worry too much; there hasn't been, in a very long time, any
exploit that would allow an attacker to do VLAN hopping on switches.
sin
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================