Solved

Possible to just filter packets on the same SUBNET?

Posted on 2004-08-19
Last Modified: 2010-04-09
Hello everyone,

We run about 15 servers on one network subnet, 138.240.260.0. Not physically the subnet, for security reasons on Experts-Exchange. This is our logical setup, though! We would like to hardware firewall 3 servers with the IPs 138.240.260.136, 138.240.260.137, 138.240.260.138. But the IP addresses cannot change. And we do not want to firewall the entire subnet, so we do not affect the other servers. What is everyone's suggestion on the question? From what I know, a standard firewall will need 2 different networks on the front and back side. I've heard of a hardware device that could sit on the wire just for those 3 servers and strictly filter packets, while still not changing subnet or IPs. It's a MUST that these IP addresses not change on the servers, so that takes out the possibility of NAT. Product suggestions? Or can we in fact do this on a standard firewall....
Question by:jbsengineer
Accepted Solution

by: PennGwyn (earned 500 total points)
ID: 11897740
I think what you're saying is that these three servers need to see THEMSELVES at these addresses, and not just that the world needs to reach them at those addresses -- ruling out a static NAT or port forwarding solution.

Some recent switch models, such as the Cisco 3550, can apply restrictions and/or access-lists to individual ports within a VLAN.  That could be one approach.

MOST firewall products operate as routers, and so need to be at a subnet boundary.  A few, though, can operate as transparent bridges, which solves a number of problems -- including this one.  I've been particularly impressed with solutions from Tipping Point which are built this way.  I don't know if they have a configuration that will meet both your needs and your budget, but check them out.
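
As an added illustration of the transparent-bridge approach described in the accepted answer (not part of the original thread, and not a TippingPoint or Cisco configuration): an nftables ruleset for a Linux machine bridging two interfaces in front of the three servers. The interface names, the 192.0.2.x placeholder addresses and the permitted services are assumptions.

```nftables
# Added example. Assumed topology (not from the thread):
#   eth0 = bridge port facing the rest of the subnet
#   eth1 = bridge port facing a switch that holds only the 3 protected servers
# Both ports are members of one Linux bridge; the bridge needs no IP address in
# the data path, so the servers keep their addresses, mask and gateway.
# Stateful rules need bridge-family conntrack (Linux 5.3 or later).

# Idempotent reload: create the table if missing, then delete and redefine it.
table bridge srvfilter
delete table bridge srvfilter

define OUTSIDE_IF = "eth0"
define INSIDE_IF  = "eth1"
# Constructed placeholder addresses standing in for the three servers.
define PROTECTED  = { 192.0.2.136, 192.0.2.137, 192.0.2.138 }
# Assumed set of services that should stay reachable.
define OPEN_TCP   = { 80, 443 }

table bridge srvfilter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # ARP must cross the bridge in both directions, otherwise neighbours
        # on the same subnet can no longer resolve the servers' MAC addresses.
        ether type arp accept

        # Replies to connections that were already allowed.
        ct state established,related accept
        ct state invalid drop

        # Servers may open connections, but only from their own addresses.
        iifname $INSIDE_IF ip saddr $PROTECTED accept

        # New inbound traffic: only the listed services plus ping.
        iifname $OUTSIDE_IF ip daddr $PROTECTED tcp dport $OPEN_TCP accept
        iifname $OUTSIDE_IF ip daddr $PROTECTED icmp type echo-request accept

        # Everything else (including IPv6 and other EtherTypes) hits the
        # drop policy; the counter shows how much is being filtered.
        counter comment "dropped by policy"
    }
}
```

Only frames that cross the bridge are filtered, so the other servers on the subnet are unaffected; traffic among the three protected servers stays on their own switch and is not inspected.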
