This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Bob_Zimmerman
Authority
Authority
‎2024-01-10 12:53 PM
In response to Lloyd_Braun

There are other ways to force the firewall into the path between two endpoints on the same network block. Private VLANs with proxy ARP could let you insert a firewall in the path with no modifications to the endpoints. Changing the endpoints' net masks to 32-bit and routing everything through the firewall explicitly could also work, but would require changes on the endpoints.

But yes, the point is the firewall can only inspect traffic which goes in one of its interfaces (if all you want is detection, this could be done with a hub or span port). The firewall can only drop traffic which goes in one of its interfaces and which goes out one of its interfaces (they can be the same interface).

View solution in original post

(1)
Who rated this post