A company has two locations A and B Both A and B have front offices and data centers Security policy front office computers can talk to front office computers and its own data centers but not other offices data center data center computers can talk to each other ID: 998027
Download Presentation The PPT/PDF document "Local configuration global effect" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
1. Local configuration global effectA company has two locations: A and BBoth A and B have front offices and data centersSecurity policy: front office computers can talk to front office computers and its own data centers, but not other office’s data center; data center computers can talk to each other.
2. Local configuration global effectSecurity policy implementationDrop all packetsFrom BF subnetDrop all packetsFrom AF subnet
3. Local configuration global effectThe two datacenter wants to be the backup of each other, add a link. What happen next?Drop all packetsFrom BF subnetDrop all packetsFrom AF subnet
4. Local configuration global effectThe security policy is broken: it requires routing and packet filtering to work in concert; but the routing automatically adapts to topology change.Much nicer to use global network view to do the functionDrop all packetsFrom BF subnetDrop all packetsFrom AF subnet