Specifications
smc9194: SMC 9194
tlan: Compaq Netelligent 10/100/NetFlex 3
tulip: DEC Tulip (DC21x4x) PCI
via-rhine: VIA VT86c100A Rhine-II
wd: Western Digital WD80x3
yellowfin: Packet Engines Yellowfin Gigabit
Network Planning
Before beginning the installation of the Adminhost and the configuration of the
firewall, consider your network layout. The diagrams in the following section
provide some ideas for layout options. The most important thing to do before
you begin installing the software is to consider what hardware to use for each
part of the system.
The actual firewall host is a very special server. SuSE Firewall on CD should
not be used on your main server or another computer in the network. It is
best if the firewall host does not have a hard disk, although one is required for
using Squid and similar programs. It does, however, need a floppy disk drive for
the configuration disk, a bootable CD-ROM drive for booting the Live CD, and
network interfaces. The firewall host can serve as a gateway for your system.
The Adminhost should be a dedicated machine. It is used to create the configuration
floppy for the firewall host. It should be possible to run a graphical user
interface on this machine, so you can use the Firewall Administration System
(FAS) to configure the firewall and create the configuration disk. All needed
programs are included on the Admin CD. It can also be used as the log host.
The log host is a machine used to log the events on the firewall. It needs a large
hard disk for storing information. It does not have to be a dedicated machine,
but for reasons of security it is recommended to make it one and to use it as
the Adminhost as well. It should never be unavailable to the firewall host.
Security Policy and Communication Analysis
To ensure that the internal network’s connection to the Internet (or to any other
“unprotected” network) is secure, a few things need to be clarified first. This
includes outlining a security policy for your own network and undertaking a
communication analysis.