
Conference noted::seal

Title: SEAL
Moderator: GALVIA::SMITH
Created: Mon Mar 21 1994
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 1989
Total number of notes: 8209

1774.0. "3 network cards or tri-homed/multi-homed configurations?" by TENNIS::KAM (AltaVista Software 714/261-4133 DTN 535.4133) Wed Feb 05 1997 03:54

    Anyone know if you can configure the AltaVista Firewall for Digital
    UNIX for a minimum of three network cards?
    
    I don't think it's possible at all with the NT version, but the Digital
    UNIX might have a chance.
    
    Checkpoint is selling the strategy of three network cards and the
    Education Community is sold on the idea.  One network interface, not so
    secure for the students and the other network interface, secure for the
    administrative part.
    
    Any ideas would be appreciated and are you seeing this?
    
    	Regards,
    
T.R  Title  User  Personal Name  Date  Lines

1774.1  Some support, but not with the GUI  NETRIX::"[email protected]"  Sebastian L�lsdorf  Wed Feb 05 1997 07:19  25
Digital UNIX supports more than 2 network interfaces
(maximum depends on number of free slots in your Alpha).

Firewall software supports this by screend or gxd configuration.
It is called "green net support", shortly described in Appendix E of 
the "Internet Firewall Service Delivery Guide", QS-SEAA9-CP, Version 1.1,
May 1996 by Ken Linell.

The Application Gateways don't support it in their policies, not even
with the custom policies. But it might be possible to edit the acl-files
manually. See the man pages (man 4 access_control_file).

However NOTE: Green net support canNOT be configured with the GUI at all!

Once you have done it under the covers, the GUI will mislead you: You don't
see any longer what's really allowed to go through the firewall, but you
see something different, just what the GUI is showing to you. Using the GUI
later on will destroy the changes you've made. And the customer feels anxious
about the future firewall administration.

(I have asked Sarah Keating recently whether this will change with V3.0:
her answer was no.)

Sebastian 
[Posted by WWW Notes gateway]

1774.2  QUICHE::PITT  Alph a ha is better than no VAX!  Wed Feb 05 1997 09:01  8
    There are several possible configurations here - green net is one of
    them.  
    
    I have also got a customer who has two red interfaces - he has a
    connection to a University and another to an ISP.  I had to build one
    of them normally, and then handcraft the other.  It was "fun".
    
    T

1774.3  TENNIS::KAM  AltaVista Software 714/261-4133 DTN 535.4133  Wed Feb 05 1997 11:33  26
    I assume Green Net can either be the Perimeter Network where all the
    Proxy Servers and other Bastion Host(s) are located or actually a second
    network within your Corporation.
    
    Anyone know how to order the document described in .1?  The part #
    provided is for a Service:
    
      
                             QS-SEAA9-CP  FIREWALL SERVICE
    
             - Detailed Description -             - Not Available -
    
              USCLP     25,000.00  List Price
              SLP1S           N/A  Standard Price
              BSMC            N/A  Basic Service Monthly Charge
              SMS             N/A  System Management Service Monthly Charge 
              SSS             N/A  Software Support Service Monthly Charge
              MDDS            N/A  Media/Doc Distribution Service Monthly Chrg
              SWLC              A  License Code
              EU                N  End User Discount
              BU                P  Business Partner Discount
              SPD        XX.XX.XX  Software Product Description
    
    
    	Regards,
    

1774.4  Location of service delivery guide  DELNI::KEVIN  Wed Feb 05 1997 11:43  10
    re .3
    
    The firewall service delivery guide is located on my anonymous ftp
    server (beech.crl.dec.com) in the /pub directory as fwsdg.ps.  
    
    re .1 
    
    As a minor correction, I wrote the service delivery guide.
    
    Kevin Carey