Hey thanks sidd 4 Ur offer
I'm a brand new beginner in networking. Need some advice here.. that's why firewall.cx rocxxx!! Thanks dude too for this site
I'm doin my school thesis about VPN. My question is what is actually the best and the most commonly used method to place the firewall and VPN gateway?
Should the firewall come be4 the VPN, after the VPN, or together in a machine?
First of all, you need to understand that a VPN is a secure entry into your private network. It makes your computer (or your private network) part of another private network - as if you were physically part of the network (where you would be behind the firewall - hopefully). Your virtual connection is equivalent to a physical connection.
You can put the VPN endpoint before, after or parallel to the firewall, with pros and cons to each. The most common is parallel or behind the firewall. This may require some changes to the firewall to handle the VPN traffic.
You can also use a router or firewall that has VPN on it - which would be the easier way to configure (but not necessarily the best way as it would require more processing for the device).
Many ways to skin a cat.
Just remember that you are allowing someone in from the outside, whether a client-to-LAN or a LAN-to-LAN style VPN. This can be very dangerous if you cannot depend on the other side of the tunnel being secure. It is possible to attack your system from the system on the other end through the secure pipe (as it is now acting as if it is already on your network). This could be a problem, because if you assume you are secure you may drop your guard on protecting yourself. I had this problem myself where our system was secure until we were bought out by another company and they VPN’d their system to ours and we got hit by the Code Red, Code Red II and Nimda. They all came from the new company, who had been infected, straight through the firewall. If you don’t think that was a lot of fun ….
If you are writing a thesis about VPNs, here are some articles that might help.
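Added example, not part of the original posts: the reply above describes traffic from an infected site passing through the tunnel as if it were already inside, so this sketch treats decrypted tunnel traffic as its own zone with a default-deny policy and flags tunnel hosts whose dropped flows fan out across many internal hosts. All addresses, services, function names and the threshold of 3 are constructed assumptions.

```python
import ipaddress

# Constructed addressing (assumptions, not from the thread).
TUNNEL_NET = ipaddress.ip_network("10.20.0.0/16")   # remote site behind the VPN
# Services the remote site actually needs: (destination, protocol, port).
ALLOWED = [
    (ipaddress.ip_network("192.168.10.25/32"), "tcp", 443),  # intranet app
    (ipaddress.ip_network("192.168.10.53/32"), "udp", 53),   # internal DNS
]

def decide(src, dst, proto, port):
    """Return 'accept', 'drop' or 'not-tunnel' for one decrypted flow."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in TUNNEL_NET:
        return "not-tunnel"      # left to the ordinary firewall policy
    for net, allowed_proto, allowed_port in ALLOWED:
        if dst_ip in net and proto == allowed_proto and port == allowed_port:
            return "accept"
    return "drop"                # default deny for everything else

def review(flows):
    """Apply the policy; list tunnel sources dropped towards 3+ hosts."""
    results = [(flow, decide(*flow)) for flow in flows]
    dropped_targets = {}
    for (src, dst, _proto, _port), verdict in results:
        if verdict == "drop":
            dropped_targets.setdefault(src, set()).add(dst)
    noisy = sorted(s for s, d in dropped_targets.items() if len(d) >= 3)
    return results, noisy

# Constructed sample flows as seen on the inside of the VPN endpoint.
SAMPLE_FLOWS = [
    ("10.20.4.7", "192.168.10.25", "tcp", 443),     # expected business use
    ("10.20.4.7", "192.168.10.53", "udp", 53),
    ("10.20.9.31", "192.168.10.11", "tcp", 80),     # worm-style HTTP sweep
    ("10.20.9.31", "192.168.10.12", "tcp", 80),
    ("10.20.9.31", "192.168.10.13", "tcp", 80),
    ("10.20.9.31", "192.168.10.25", "tcp", 445),    # allowed host, wrong port
    ("192.168.10.40", "192.168.10.25", "tcp", 443), # local LAN, not tunnel
]

if __name__ == "__main__":
    results, noisy = review(SAMPLE_FLOWS)
    for flow, verdict in results:
        print(f"{verdict:10} {flow}")
    print("tunnel hosts dropped towards 3+ internal hosts:", noisy)
```

The same policy only works if the decrypted traffic actually crosses a filtering point, which is the practical argument for terminating the VPN in front of, or on a separate interface of, the firewall.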
To ease administration, using the firewall as the VPN endpoint can be a good idea. A lot of application level firewalls have built in VPN support, for example CheckPoint Firewall-1 has native VPN support, so if you were using that as a firewall, then it might make sense to use it as a VPN termination point as well.
There are many VPN configurations. I recommend you follow all Tom's links and read up on them, as these days VPNs are the hot networking buzzword.
Hey ice_hero I noticed you said you're doing your school thesis on VPN, are you writing a paper? What school? I was just wondering because I hear for your masters you have to write a thesis on your major topic or something like that. I was just wondering. Now that I think of it, it's a lot better to write a paper on VPNs or networking and creating a thesis on that than the stuff they give you saying compare and contrast uhhhh political issues blah blah...lol But private message me and tell me about yourself. I'm always lookin for new puter gEEks online. I was just tellin Admin that it's hard to find true puter gEEks anymore. If anybody else wants to share some puter knowledge, private message me. l8er l33t 0nes!!