Jeremy,
The same reasons for cascading physical firewalls apply to cascading
logical (contexts) firewalls.
For example:
- Two different departments need to control access, so traffic will flow
only if both firewalls permit the packets. Much like using
dual locks.
- To protect from human configuration errors, firewalls are cascaded and
policy must be configured twice to allow traffic through.
- One firewall to connect the whole network to the internet, and several
other firewalls to protect each sub network, which is a combination of the
two above.
- Fun at CCIE lab... ;)
HTH,
Dan #13685 (RS/Sec/SP)
The CCIE troubleshooting blog: http://dans-net.com
Bring order to your Private VLAN network: http://marathon-networks.com
On Tue, Aug 14, 2012 at 8:15 AM, jeremy co <jeremy.cool14_at_gmail.com> wrote:
> Hi,
>
> I'm just wondering if someone can guide me on whether any real-world
> implementation of cascaded contexts has been deployed, or any reason for
> going through such complexity.
>
>
> Thanks
>
> Jeremy
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
--
Best regards,
Dan

Received on Tue Aug 14 2012 - 14:06:44 ART
This archive was generated by hypermail 2.2.0 : Sat Sep 01 2012 - 08:41:18 ART