|
Joe, In response to your 3 questions... > 1. Should we keep the current 2838 running as is and get 2 more ethernet cards for the firewall. This is the preferred method of configuration. This way, you AS/400 LAN connection is independent (relatively) of the firewall connection. However, not all hardware will support that many LAN cards, e.g., S10, 600 so this may not be an option for you. >2.Or, can we use the current 2838 as the secure side of the firewall, purchase 1 card for >unsecure and still be able to access the AS400 as we do now over the 2838? You certainly can do it this way, however, there are additional steps to take in order to configure a firewall where you are 'sharing' the AS/400 LAN connection with the firewall secure port. The AS/400 firewall site, www.as400.ibm.com/firewall has details on how to do this. Also, Chapter 9 of the firewall redbook talks more about this method. >3. Why 2 different cards, and which side do you put them, 2723 secure or unsecure side? The reason for needing the two different cards is that "an IPCS with two high speed Ethernet (i.e., 2838) cards is unsupported". I do not know exactly why. The support line person I spoke to when this became an issue at one of our client sites said that it was an "engineering requirement", which suggests, (to me anyway), that it is a hardware limitation on the IPCS card, rather than a software issue with the firewall, TCP or IPCS integration software. As to which one, secure or unsecure should be the high speed vs low speed, it does not matter to the hardware/software. From a planning point of view, I would expect more traffic to arrive on the unsecure side, so put high speed on unsecure. P.S. If you ever figure out how to right correct and valid filter rules, please explain it to me. It always takes me 3 or 4 tries before I get it right :) Neil At 07:59 AM 7/31/99 -0300, you wrote: >Niel, we're looking at this firewall to. We currently have a 2838 installed >running TCP/IP to our LAN. Three questions here, 1. Should we keep the current >2838 running as is and get 2 more ethernet cards for the firewall. 2.Or, >can we >use the current 2838 as the secure side of the firewall, purchase 1 card for >unsecure and still be able to access the AS400 as we do now over the 2838? >3. Why >2 different cards, and which side do you put them, 2723 secure or unsecure >side? >Thanks for any feed back, going in search of that redbook now. > >Joe Chiasson >M I S, >Wyeco Supply Inc. > >Neil Clark wrote: > > > Also, if you are using Ethernet, only one of these cards can be > > the FC 2838, 10/100MB fast Ethernet card, the other has to be FC 2723, 10MB > > Ethernet. > > > > Neil > > > >+--- >| This is the Midrange System Mailing List! >| To submit a new message, send your mail to MIDRANGE-L@midrange.com. >| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. >| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. >| Questions should be directed to the list owner/operator: david@midrange.com >+--- Neil Clark Barsa Consulting, LLC Tel: (914) 251-9400 Fax: (914) 251-9406 http://www.barsaconsulting.com +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
