[nsp] NetFlow through a firewall?

[Temkin, David]

True, though if they're on the same segment (which they are), it doesn't buy
me very much...  I'm more concerned about the integrity of the inside
network moreso than the integrity of the inside network

-----Original Message-----
From: Gert Doering [mailto:gert at greenie.muc.de] 
Sent: Thursday, May 08, 2003 3:15 AM
To: Temkin, David
Cc: 'Dmitri Kalintsev'; cisco-nsp at puck.nether.net
Subject: Re: [nsp] NetFlow through a firewall?


Hi,

On Wed, May 07, 2003 at 09:56:55PM -0400, Temkin, David wrote:
> A couple of people suggested that, but that's making it *worse* - not 
> better... I'd rather open a single application specific UDP port 
> through my firewall than open an entire tunnel that if someone 
> compromises the router can gain full access inside...

You can do both, of course.  Setup an IPSEC tunnel (that terminates on 
the firewall) and filter the decapsulated packets.

gert
-- 
USENET is *not* the non-clickable part of WWW!
 
//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert at greenie.muc.de
fax: +49-89-35655025
gert.doering at physik.tu-muenchen.de


IMPORTANT:The information contained in this email and/or its attachments is
confidential. If you are not the intended recipient, please notify the
sender immediately by reply and immediately delete this message and all its
attachments.  Any review, use, reproduction, disclosure or dissemination of
this message or any attachment by an unintended recipient is strictly
prohibited.  Neither this message nor any attachment is intended as or
should be construed as an offer, solicitation or recommendation to buy or
sell any security or other financial instrument.  Neither the sender, his or
her employer nor any of their respective affiliates makes any warranties as
to the completeness or accuracy of any of the information contained herein
or that this message or any of its attachments is free of viruses.