CPUG

The Check Point User Group

#1, 2008-04-03, AndyB
ISP/VLAN/Firewall Security

Guys,

This is not strictly a Check Point issue but more of a security concern. We have just changed to a new ISP which has now been delivered. However, our network engineer on site has patched the ISP internet feed into our DMZ on a separate VLAN and from the VLAN patched to the external interface of our firewall; there is also a Cisco ASA connected to this VLAN for a joint venture project. My question is, would this be a valid configuration and are there any security concerns? It seems to expose our DMZ although separated by the VLAN. This is the first time I have come across this kind of set-up; usually the internet feed is patched straight into the firewall's external interface.

Would be grateful for any advice

Andy

#2, 2008-04-03, MarioL (London)
Re: ISP/VLAN/Firewall Security

If everything is properly configured it shouldn't be a problem, but to be honest I myself prefer physical separation and I would always push for that.

#3, 2008-04-03, mcnallym
Re: ISP/VLAN/Firewall Security

Shouldn't be a problem; however, personally I always feel better when the external link goes into a separate switch rather than a VLAN on a DMZ switch.

It is just a comfort effect for me rather than any real must-have.

#4, 2008-04-03, AndyB
Re: ISP/VLAN/Firewall Security

Guys,

Thanks for your input. I must agree, I am a little uneasy with this set-up and would prefer the physical separation. I will voice my concerns from a security perspective and see what response I get back.

Again, thanks