SunScreen 3.1 Configuration Examples

Network Example

Figure 9-1 shows the London segment of the network for the network example. In the diagram, a single Screen, lon-screen1, is configured to run in mixed mode: it provides a stealth firewall and also has an interface with an IP address that provides user authentication using proxies. The hosts protected by SunScreen have illegal IP addresses. Screen lon-screen1 also acts as an HTTP proxy and performs NAT for these hosts, which gives them web access to the Internet.


Note -

Use care when designing the security policy for the routing interface to ensure that the advantage of stealth is not negated by the exposed qfe2 interface. For example, an open policy on the routing interface can expose the Screen to compromise and can affect the stealth operation as well.


Figure 9-1 London Segment of the Sample Company Network
