pm2er, wfwg 3.11, filters & security

Donna McCole (mccole@ccnet.com)
Sun, 22 Oct 1995 12:40:16 -0700

I am concerned with usability and security issues in this situation.

I want _our_ wfwg systems to be able to share resources, but still be safe
from accidental or intentional access from the big net or from our customers.

Our workstations use mstcp/ip. Can anyone tell me how to filter out shared
resource connection requests?

Do you believe we should deny wfwg resource connections via the Internet (to
protect our customers), or should we allow them?

I am a little confused about which filter sets apply between which places.
Specifically, on a single pm, does S5 traffic transit the ethernet
internally on its way to S6?

Suppose we use the names like pm1.s1.in, pm2.s1.out, pm1.e.in, pm2.w.out,
etc. for our filter sets. Which filter sets will apply to traffic in the
following situations:

cust2 -> wfwg4
cust2 -> wfwg2
cust2 -> wfwg0
wfwg1 -> internet
wfwg1 -> backup
cust2 -> cust1
cust1 -> Internet

location1 location2

(s4) cust1 (dialin, may be running wfwg)
| (s3) cust2 (dialin, may be a hacker)
(s2)wfwg0(dialin) | | (s2) backup (dialed isdn to Internet)
| | | |
pm2er1 -- (s1) -- pm2er2 -- (w1) -- Internet
| |
(ether) (ether)
| |
wfwg1 bsdi1
| |
wfwg2 bsdi2
| |
wfwg3 wfwg4

Thanks for any help you can give.

donna mccole