(9923) LAT, Firewalls, and Network Security?

Archive of the OpenVMS Ask the Wizard (ATW) questions and answers database.
Locked

Topic author
User
Visitor
Posts: 0
Joined: Mon Jan 10, 2022 8:16 am
Reputation: 0
Status: Offline

(9923) LAT, Firewalls, and Network Security?

Post by User » Wed Nov 10, 2004 8:26 am

i would like to know if LAT is able to bind to multiple adapters. i know it will do failover. but we have two NICs and want to run LAT over both interfaces. these two networks are our DMZ and a firewalled portion of our network seperated by a router. we want to be able to use our printers on either side of the network and therefor need LAT on both adapters.
Last edited by marty.stu on Tue Jan 11, 2022 9:56 am, edited 1 time in total.


Wizard
Visitor
Posts: 0
Joined: Mon Jan 10, 2022 8:17 am
Reputation: 0
Status: Offline

Re: (9923) LAT, Firewalls, and Network Security?

Post by Wizard » Thu Nov 11, 2004 8:26 am

Please review the contents of SYS$MANAGER:LAT$SYSTARTUP.TEMPLATE for instructions on how to define links to multiple adapters, in the current version of the file, look after the section entitled:

Start LAT Protocol

Some firewalls can also open up paths for protocols such as LAT, allowing LAT traffic to traverse the firewall.

Do realize you are bypassing a firewall; effectively creating a new hole through the firewall via this host; a bridge through to the DMZ. You will want to ensure you do not open up bi-directional LAT with a host bridging the firewall unless that is absolutely necessary, as that provides the potential for bi-directional connectivity bypassing the firewall.

It may be more appropriate to add additional printers than to open new potential paths for security breaches.
Last edited by marty.stu on Tue Jan 11, 2022 9:58 am, edited 1 time in total.

Locked