which firewall product?

Blake Dunlap ikiris at gmail.com
Wed Jul 31 00:13:22 UTC 2013


Understood. I expected as much but thought I'd ask. Most of my suggestions
would require more knowledge of the layout to be filtered out.

I really don't know what you'd find that would do what you want in this
case, based on the requirements stated previously. Sorry =/

I'd look more to finding a way to make it a truly isolated unit that they
could audit personally, instead of a distributed zone with boundaries in
the middle.

-Blake


On Tue, Jul 30, 2013 at 5:39 PM, William Herrin <bill at herrin.us> wrote:

> On Tue, Jul 30, 2013 at 5:36 PM, Blake Dunlap <ikiris at gmail.com> wrote:
> > Well, I guess my first question is: Is this a design you are stuck with for
> > some reason or alternately, is there a good reason for it, and I need to be
> > educated as to real world design? It seems rather odd to put a firewall
> > boundary between a LB and its associated cluster as opposed to in front of
> > the LB.
>
> Howdy,
>
> Paperwork. The customer owns 3 servers in a system consisting of
> a hundred or so. He wants his security people to accredit it. They
> won't accredit individual servers, so his options were: duplicate the
> full system just for him (very expensive) or create a security
> boundary where he can say, "This is my enclave. Accredit my enclave."
>
> Naturally his security people decide that they don't want the
> firewalls to be additional servers running Linux. That would make it
> far too easy to secure his system. I don't yet know if they'd accept
> an appliance running Linux underneath. :/
>
> -Bill
>
>
> --
> William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> Falls Church, VA 22042-3004
>


