Network Monitoring in a Firewall Complex

Tim Lund tglund at earthlink.net
Wed Mar 21 17:46:01 UTC 2001


All,

I have been tasked with architecting a network monitoring/backup solution
for systems which reside within a firewall complex.  The firewall uses a
compartmentalized approach by placing systems which perform similar
functions in the same protective zone.  I have some ideas on how to
accomplish this.

I am leaning toward placing an additional interface into all of the systems
and creating a management network.  The management network would need to
maintain the compartmentalization approach so that a security failure on one
system would not allow the management network to be used as a path of attack
to other systems.  Theoretically I believe I could use a multilayer switch
to control traffic between the interfaces on the management
network while allowing for the management/backup servers to route to each
target host.  The management network would also allow backups and other
management activities without impacting the bandwidth of the production
network.

I would prefer not to design this in a vacuum and was
wondering how others have done this or any pitfalls if anyone has tried the
management network.  The solution needs to be scalable and manageable.  As
this falls within the realm of network security I am not sure how
forthcoming people will feel but I
would appreciate any and all assistance that you might be willing to
provide.
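The design sketched in the post (a per-zone management network, a multilayer switch that only lets the management/backup servers initiate to each target host, and no host-to-host path across zones) can be written down as a ruleset and checked before it is typed into a switch. The following is an added example, not code from the post or from any NANOG contributor; the zone subnets, the management-server subnet and the port list (SSH, SNMP and a hypothetical backup-agent port 10000) are constructed assumptions. It builds a first-match ACL from the zone layout, evaluates candidate flows against it, and verifies the isolation property the post asks for. It assumes the switch tracks state so that only the initiating packet of a flow has to pass the ACL.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample layout (assumption): one /24 per protective zone on the
# management network, plus a small subnet for the management/backup servers.
ZONES = {
    "web": ipaddress.ip_network("10.99.1.0/24"),
    "app": ipaddress.ip_network("10.99.2.0/24"),
    "db": ipaddress.ip_network("10.99.3.0/24"),
}
MGMT_SERVERS = ipaddress.ip_network("10.99.0.0/28")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Services the management servers may initiate toward a host.
# 22 = ssh, 10000 = hypothetical backup agent, 161 = snmp.
MGMT_PORTS = {"tcp": {22, 10000}, "udp": {161}}


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                       # "tcp", "udp" or "any"
    dport: Optional[int]             # None matches any destination port


def build_rules():
    """Permit only mgmt-server -> zone-host on the listed services; deny the rest.

    Nothing permits host -> host or host -> mgmt-server, so a compromised
    host cannot use the management network to reach another zone.
    """
    rules = []
    for zone_net in ZONES.values():
        for proto, ports in MGMT_PORTS.items():
            for port in sorted(ports):
                rules.append(Rule("permit", MGMT_SERVERS, zone_net, proto, port))
    rules.append(Rule("deny", ANY, ANY, "any", None))   # explicit default deny
    return rules


def evaluate(rules, src, dst, proto, dport):
    """First-match evaluation of the initiating packet of a flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in r.src and d in r.dst
                and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r.action
    return "deny"   # no match at all is still a deny


def zones_isolated(rules):
    """True if no zone host can initiate to a host in a different zone,
    nor to the management servers, on any of the permitted service ports."""
    probes = [(p, port) for p, ports in MGMT_PORTS.items() for port in ports]
    probes.append(("tcp", 443))   # an arbitrary non-management port
    for name_a, net_a in ZONES.items():
        src = str(net_a[10])
        targets = [str(n[10]) for z, n in ZONES.items() if z != name_a]
        targets.append(str(MGMT_SERVERS[1]))
        for dst in targets:
            for proto, port in probes:
                if evaluate(rules, src, dst, proto, port) == "permit":
                    return False
    return True


def render(rules):
    """Human-readable listing of the ruleset, one line per rule."""
    return [f"{r.action} {r.proto} {r.src} -> {r.dst} dport={r.dport or 'any'}"
            for r in rules]


RULES = build_rules()

if __name__ == "__main__":
    for line in render(RULES):
        print(line)
    print("zones isolated:", zones_isolated(RULES))
```

The useful part is `zones_isolated`: run it every time a zone or service is added, so a rule typed in by hand that accidentally permits a host to initiate across zones is caught before it reaches the switch.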

More information about the NANOG mailing list