Re: Forwarding traffic to an active IDS/Firewall

[Vinicius Pavanelli Vianna <ds () hacked com br>]

Hi,

This was exactly what i was looking for,  PaulM send me a cisco page
that contains info about PBR on cisco hw, so I will check it, the other
answer whas to put the IDS/Firewall between the switch and the uplink on
the datacenter, but i think this is a better solution since it allows me
to do load balance too in future.

Thanks for all people that helped me.

Dale W. Carder wrote:

> Thus spake Vinicius Pavanelli Vianna (ds () hacked com br) on Wed, Jul 13, 2005 at 06:39:35PM -0300:
>  
>
> > Anyone knows how I can forward all traffic the came to a Cisco Catalyst
> > swith to an gateway to do some IDS/Firewall/Traffic Shape?
> >    
>
> Use a policy route to force the next-hop.  I think that's the
> closest thing to what you want.  However, given that traditional
> switches are more or less agnostic to layer 3 information, you can't 
> do that unless you have a switch with a routing card, or actually 
> have a router.
>
> If you're only looking for IDS stuff, most high end switches support
> port mirroring.
>
> So, a layer-2 solution could use vlans and have your IDS/Firewall/Traffic 
> Shape thingy route, bridge, or proxy-arp between them.
>
> Or, use a PC or some other device that can make switching decisions
> based on higher level stack information.
>
> Dale
>
> ----------------------------------
> Dale W. Carder - Network Engineer  
> University of Wisconsin at Madison 
> http://net.doit.wisc.edu/~dwcarder
>
>
>
>  

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards