Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


RE: Network Monitoring in a Firewall Complex

  • From: DERY, FREDERIC
  • Date: Thu Mar 22 11:28:01 2001

See the approach described in the Cisco SAFE blueprint; this could be useful
for you.

http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safe_wp.htm

Frédéric Déry


-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
Tim Lund
Sent: 21 March 2001 12:46 PM
To: nanog@merit.edu
Subject: Network Monitoring in a Firewall Complex



All,

I have been tasked with architecting a network monitoring/backup solution
for systems which reside within a firewall complex.  The firewall uses a
compartmentalized approach by placing systems which perform similar
functions in the same protective zone.  I have some ideas on how to
accomplish this.

I am leaning toward placing an additional interface into all of the systems
and creating a management network.  The management network would need to
maintain the compartmentalization approach so that a security failure on one
system would not allow the management network to be used as a path of attack
to other systems.  Theoretically, I believe I could use a multilayer switch
to control traffic between the interfaces on the management
network while allowing for the management/backup servers to route to each
target host. The management network would also allow backups and other
management activities without impacting the bandwidth of the production
network.

I would prefer not to design this in a vacuum and was wondering how others
have done this or any pitfalls if anyone has tried the management network.
The solution needs to be scalable and manageable.  As this falls within the
realm of network security I am not sure how forthcoming people will feel but
I would appreciate any and all assistance that you might be willing to
provide.
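
Added example, not part of either message: a small Python check of the two properties the original question asks of the management network, namely that no target host can reach another target over it and that every management/backup server can still reach every target. The addresses, host names and rule sets are constructed, and the model assumes the multilayer switch applies the ordered rules to every flow between management interfaces.

```python
from ipaddress import ip_address, ip_network

# Constructed sample: management-interface addresses of the target hosts.
TARGETS = {
    "web1": "10.99.1.10", "web2": "10.99.1.11",   # zone: web
    "db1": "10.99.2.10",                          # zone: database
    "mail1": "10.99.3.10",                        # zone: mail
}
MGMT_SERVERS = {"backup1": "10.99.0.5", "nms1": "10.99.0.6"}

# Ordered (action, source, destination) rules; first match wins, no match = deny.
WEAK = [("permit", "10.99.0.0/16", "10.99.0.0/16")]   # flat management network
SEGMENTED = [
    ("permit", "10.99.0.0/24", "10.99.0.0/16"),   # management servers -> targets
    ("permit", "10.99.0.0/16", "10.99.0.0/24"),   # targets -> servers (return traffic)
    ("deny",   "10.99.0.0/16", "10.99.0.0/16"),   # target -> target, any zone
]

def allowed(rules, src, dst):
    """Evaluate the ordered rule list for one source/destination pair."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in ip_network(src_net) and d in ip_network(dst_net):
            return action == "permit"
    return False

def lateral_paths(rules):
    """Target-to-target flows the management network would carry."""
    return sorted((a, b) for a, ip_a in TARGETS.items()
                  for b, ip_b in TARGETS.items()
                  if a != b and allowed(rules, ip_a, ip_b))

def unreachable_targets(rules):
    """Targets that at least one management server cannot reach."""
    return sorted({t for t, ip_t in TARGETS.items()
                   for ip_m in MGMT_SERVERS.values()
                   if not allowed(rules, ip_m, ip_t)})

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("segmented", SEGMENTED)):
        print(name, "lateral:", lateral_paths(rules),
              "unreachable:", unreachable_targets(rules))
```
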












