Filbert firewall

If you run into problems, contact < filbert [AT] cns.utoronto.ca >

The current platform OS is FreeBSD 7.2. For a list of supported hardware, please check here.



An overview

 Typically, the firewall can be placed between two hubs or switches
 like so ...


		"the outside"

		     ||
		     ||
		     ||
	+---------------------------------+
	| o o o o o o o o o o o o o o o o |
	| o o # o o o # o # o # # # o # o |
	+-----|-------|---|---|-|-|---|---+
	      |       |   |   | | |   |
	      |       |   |   |  \ \   \
	      |
	      |      (  unprotected systems  )
	      |
	      |
	      |   ----------
	      |__[ firewall ]___
	          ----------    |
	      			|
	      			|
			+-------|-------------------------+
	 		| o o o # o o o o o o o o o o o o |
	 		| o # # o # o # # # # o o o o o o |
			+---|-|---|---|-|-|-|-------------+
			    | |   |   | | | |
			   /  |   |   | | |  \
			     /    |   | |  \ 

			(  protected systems   )


 Often, however, the intention is to have the firewall located at the
 point where the department LAN connects to the campus backbone
 (i.e. at the CNS-owned switch connected to the campus backbone).
 To that end, the Network Engineering group can subdivide the
 CNS-owned switch into two VLANs (i.e. make it behave as if it were
 actually two separate switches). One VLAN would be associated with
 only one or two switch ports and would be assigned as the VLAN
 connected to the "outside world". The other VLAN would encompass
 the remaining switch ports.  The firewall would then be used to
 connect the two VLANs like so ...

 
	     %
 "outside"   %  "inside"
   VLAN      %    VLAN
	+----%--------------------------------+
	| o  %  o o o o o o o o o o o o o o o |
	| #  %  # o o o o o o o o o o o o o o |	CNS switch.
	+-|--%--|-----------------------------+
	  |  %  |
	  |     |___________
          |                 |
	  |   ----------    |
	  |__[ firewall ]___|
	      ---------- 


 To have your CNS-owned switch configured in this manner, please contact
 Kam Mark in CNS Network Engineering (kam.mark [AT] utoronto.ca, 416-978-5050).