Understood. I expected as much but thought I'd ask. Most of my suggestions would require more knowledge of the layout to be filtered out.
I really don't know what you'd find that would do what you want in this case, based on the requirements stated previously. Sorry =/ I'd look more to finding a way to make it a truly isolated unit that they could audit personally, instead of a distributed zone with boundaries in the middle.

-Blake

On Tue, Jul 30, 2013 at 5:39 PM, William Herrin <b...@herrin.us> wrote:
> On Tue, Jul 30, 2013 at 5:36 PM, Blake Dunlap <iki...@gmail.com> wrote:
> > Well, I guess my first question is: Is this a design you are stuck with for some reason or, alternately, is there a good reason for it, and I need to be educated as to real world design? It seems rather odd to put a firewall boundary between a LB and its associated cluster as opposed to in front of the LB.
>
> Howdy,
>
> Paperwork. The customer owns 3 servers in a system consisting of a hundred or so. He wants his security people to accredit it. They won't accredit individual servers, so his options were: duplicate the full system just for him (very expensive) or create a security boundary where he can say, "This is my enclave. Accredit my enclave."
>
> Naturally his security people decide that they don't want the firewalls to be additional servers running Linux. That would make it far too easy to secure his system. I don't yet know if they'd accept an appliance running Linux underneath. :/
>
> -Bill
>
>
> --
> William D. Herrin ................ her...@dirtside.com b...@herrin.us
> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> Falls Church, VA 22042-3004