From: Kenny Sallee (kenny@xxxxxxxxxxxxxx)
Date: Fri Oct 12 2001 - 19:04:53 GMT-3
It can't be a pure L2 device and still filter anything above it. It may be
set up like it's a bridge, which I have seen before (I can't remember the
name/type of the firewall). But it still filters packets based on L3, 4 and
7 information, else there would be no way to filter. I guess it's a matter
of definition. If the box is a bridge and sits like this:

    router
      |
      | ---> Subnet 192.168.1.0/24
      |
    L2 firewall
      |
      | ---> Subnet 192.168.1.0/24
      |
    Router
      |
      ------- > Internal Segment

Then it's a layer 2 device that's smart enough to look at, and react to, L3-7
packets. Not a true L2 firewall (or it'd only filter on MAC, right?). Just
my opinion of course.
Kenny
-----Original Message-----
From: louie kouncar [mailto:lkouncar@UU.NET]
Sent: Friday, October 12, 2001 10:02 AM
To: ccielab@groupstudy.com
Subject: A firewall Question
All,
I have been working with Check Point firewall for a while, and just today I
heard a guy say that there is a kind of firewall that is a layer 2 device.
Can anyone comment on that, please?
Thank you
Louie J. Kouncar CCIE #7994
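
The distinction drawn in the reply above, as an added example that is not part of the original thread: a filter that sees only L2 can key on nothing but MAC addresses, while a bridge-mode firewall reads the IP and TCP headers inside the frame and still forwards it unmodified. The function names, MAC addresses, host addresses and port policy are constructed for illustration.

```python
import struct

def build_frame(src_mac, dst_mac, src_ip, dst_ip, dport, ttl=64):
    """Constructed sample: Ethernet + IPv4 + TCP SYN header (checksums left 0)."""
    eth = dst_mac + src_mac + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     bytes(src_ip), bytes(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp

def mac_only_filter(frame, allowed_macs):
    """Filter that sees nothing above L2: the only key is the source MAC."""
    return frame if frame[6:12] in allowed_macs else None

def bridge_firewall(frame, allowed_tcp_ports):
    """Bridge-mode filter: decides on L3/L4 fields, forwards the frame as-is."""
    if len(frame) < 14:
        return None
    if frame[12:14] != b"\x08\x00":
        return frame                  # non-IPv4 (e.g. ARP) is simply bridged here
    ihl = (frame[14] & 0x0F) * 4 if len(frame) > 14 else 0
    l4 = 14 + ihl                     # offset of the TCP header
    if ihl < 20 or len(frame) < l4 + 4:
        return None                   # malformed or truncated IPv4: drop
    proto = frame[23]
    dport = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
    if proto == 6 and dport in allowed_tcp_ports:
        return frame                  # same bytes out: no MAC rewrite, no TTL change
    return None

def demo():
    host = bytes.fromhex("020000000001")   # constructed MAC addresses
    gw = bytes.fromhex("020000000002")
    # Both sides of the bridge share 192.168.1.0/24, as in the diagram.
    web = build_frame(host, gw, [192, 168, 1, 10], [192, 168, 1, 1], 80)
    telnet = build_frame(host, gw, [192, 168, 1, 10], [192, 168, 1, 1], 23)
    return {
        "mac_only": [mac_only_filter(f, {host}) is not None for f in (web, telnet)],
        "bridge": [bridge_firewall(f, {80}) is not None for f in (web, telnet)],
        "unchanged": bridge_firewall(web, {80}) == web,
    }

if __name__ == "__main__":
    print(demo())
```

The MAC-only filter passes both the HTTP and the telnet frame because they come from the same host, while the bridge-mode filter separates them by TCP port and hands the permitted frame on byte for byte.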
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:18 GMT-3