The current platform OS is FreeBSD 7.2. For a list of supported hardware, please check here.
Typically, the firewall can be placed between two hubs or switches
like so ...
               "the outside"
                     ||
                     ||
                     ||
    +---------------------------------+
    | o o o o o o o o o o o o o o o o |
    | o o # o o o # o # o # # # o # o |
    +-----|-------|---|---|-|-|---|---+
          |       |   |   | | |   |
          |       |   |   |  \ \   \
          |
          |     ( unprotected systems )
          |
          |
          |   ----------
          |__[ firewall ]___
              ----------    |
                            |
                            |
                    +-------|-------------------------+
                    | o o o # o o o o o o o o o o o o |
                    | o # # o # o # # # # o o o o o o |
                    +---|-|---|---|-|-|-|-------------+
                        | |   |   | | | |
                       /  |   |   | | |  \
                      /       |   | |     \
                           ( protected systems )
Often, however, the intention is to have the firewall located at
the point where the department LAN connects to the campus backbone
(i.e. at the CNS-owned switch connected to the campus backbone).
To that end, the Network Engineering group can subdivide the
CNS-owned switch into two VLANs (i.e. to make it seem as if it is
actually two separate switches). One VLAN would be associated with
only one or two switch ports and would be assigned as the VLAN
connected to the "outside world". The other VLAN would encompass
the remaining switch ports. The firewall would then be used to
connect the two VLANs like so ...
               %
     "outside" % "inside"
       VLAN    %   VLAN
          +----%--------------------------------+
          | o  %  o o o o o o o o o o o o o o o |
          | #  %  # o o o o o o o o o o o o o o |   CNS switch.
          +-|--%--|-----------------------------+
            |  %  |
            |     |___________
            |                 |
            |   ----------    |
            |__[ firewall ]___|
                ----------
To have your CNS-owned switch configured in this manner, please contact
Kam Mark in CNS Network Engineering (kam.mark [AT] utoronto.ca, 416-978-5050).