NDC Logical Firewall - How it Works
- Ethernet allows two completely separate subnets to share a single wire.
- As per RFC 1918, our campus routers block all 10.x.y.z traffic.
- LFW clients are given unroutable 10.x.y.z network addresses.
- By changing just the first octet to 10, address allocation becomes trivial.
- Firewalled hosts can talk directly only to each other or to their LFW.
- The LFW does Network Address Translation (NAT) for every packet in/out.

Note that the LFW is not physically between the outside network and the protected hosts, but all traffic between the outside network and the protected hosts must go through it.
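
The following sketch is an added example, not part of the original slides. It models the first-octet addressing rule and the LFW's per-packet rewrite, assuming a static 1:1 mapping between each 10.x.y.z client address and the public address sharing its last three octets. The campus block 198.51.100.0/24, the host addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed stand-in for the campus public block (RFC 5737 documentation range).
CAMPUS_NET = ipaddress.ip_network("198.51.100.0/24")
PRIVATE_NET = ipaddress.ip_network("10.0.0.0/8")  # RFC 1918, dropped by campus routers


def to_private(public):
    """Public campus address -> LFW client address: only the first octet changes."""
    addr = ipaddress.ip_address(public)
    if addr not in CAMPUS_NET:
        raise ValueError(f"{addr} is not a campus address")
    return ipaddress.ip_address((10 << 24) | (int(addr) & 0x00FFFFFF))


def build_nat_table(protected_hosts):
    """Assumed static 1:1 table: public address -> 10.x.y.z address."""
    return {ipaddress.ip_address(h): to_private(h) for h in protected_hosts}


def translate(packet, table):
    """Rewrite one (src, dst) pair as the LFW would; None means no translation."""
    src, dst = (ipaddress.ip_address(a) for a in packet)
    reverse = {priv: pub for pub, priv in table.items()}
    if src in reverse and dst not in PRIVATE_NET:
        # Outbound: replace the unroutable source so replies can find their way back.
        return (str(reverse[src]), str(dst))
    if dst in table and src not in PRIVATE_NET:
        # Inbound: the outside world only ever sees the public address.
        return (str(src), str(table[dst]))
    # Unprotected destination, or 10.x to 10.x traffic that hosts exchange directly.
    return None


if __name__ == "__main__":
    table = build_nat_table(["198.51.100.7", "198.51.100.9"])
    for pkt in [("10.51.100.7", "203.0.113.5"),     # protected host -> outside
                ("203.0.113.5", "198.51.100.7"),    # outside -> protected host
                ("10.51.100.7", "10.51.100.9"),     # firewalled host -> firewalled host
                ("203.0.113.5", "198.51.100.200")]: # outside -> host with no mapping
        print(pkt, "->", translate(pkt, table))
```
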