I have worked with several firewalls and have not seen one that is focused on protecting one LAN from another LAN. The caveat is that both LANs would need access to the Internet via some additional firewall located on another segment. The firewalls I have worked with assume that you will access the Internet via the existing WAN port on the firewall. If you don’t want to do this, that is, you want to push them toward another firewall to go on the Internet, it fails. I realize you can do this with a router and two LAN ports, but I am interested in the door knob twists and reporting. I was wondering if anyone is deploying this kind of scenario and what product(s) they might be using.

— Chip Gerald

What you are asking to do is becoming more and more common. You have to protect against hackers inside your network as well as outside it. Novell has shown this as one way to use their Border Manager firewall product for several years. The main thing that you need to do is to turn off NAT (Network Address Translation) on the firewall servicing a LAN-to-LAN segment on your network and let it act as the router that it essentially is.

Once you have NAT turned off, make sure that each side of the network can talk to the other. This part has to be working right before you go to the next step, which involves putting filters in place to allow through only the traffic that you want on a particular segment. Packet filtering, where you allow in and out only the traffic that you want, is an area in which to proceed carefully.

I cannot stress strongly enough that if you don’t know how to use a protocol analyzer now, spend the time to learn before trying to do packet filtering with a firewall. As a general rule, for standard applications such as SMTP, WWW, etc., you won’t need an analyzer to help you set up the filters.
Where it will come in handy is when you have special applications from companies such as banks that use different port numbers or port numbers that can shift.

As to specific product recommendations, talk to the individual vendors themselves to see if they can operate in that environment. You should be able to use vendors such as Cisco, Nortel and Novell, to mention just a few of the possibilities that are available.

You can expect to find a wide variety when it comes to reporting. Some vendors will give you a text file that you will have to sift through, while others may be able to talk to a syslog server, where you can have a little more control over how the output is formatted.
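The reporting step described above, as an added example that is not part of the original column: a short Python script that reads deny entries collected by a syslog server and lists internal hosts that tried several blocked destinations across the LAN-to-LAN firewall. The netfilter-style log format, the `LAN-DENY` prefix, the two subnets and the threshold are assumptions made for this example, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed addressing for the two internal segments (constructed for this example).
LAN_A = ipaddress.ip_network("10.1.0.0/24")
LAN_B = ipaddress.ip_network("10.2.0.0/24")

# Constructed sample lines in the Linux netfilter LOG style, as stored by a syslog server.
SAMPLE_LOG = """\
May 13 10:00:01 fw kernel: LAN-DENY IN=eth1 OUT=eth2 SRC=10.1.0.23 DST=10.2.0.5 PROTO=TCP SPT=40112 DPT=22
May 13 10:00:02 fw kernel: LAN-DENY IN=eth1 OUT=eth2 SRC=10.1.0.23 DST=10.2.0.5 PROTO=TCP SPT=40113 DPT=23
May 13 10:00:03 fw kernel: LAN-DENY IN=eth1 OUT=eth2 SRC=10.1.0.23 DST=10.2.0.5 PROTO=TCP SPT=40114 DPT=445
May 13 10:00:04 fw kernel: LAN-DENY IN=eth1 OUT=eth2 SRC=10.1.0.23 DST=10.2.0.5 PROTO=TCP SPT=40115 DPT=3389
May 13 10:00:09 fw kernel: LAN-DENY IN=eth1 OUT=eth2 SRC=10.1.0.23 DST=10.2.0.5 PROTO=TCP SPT=40116 DPT=22
May 13 10:01:10 fw kernel: LAN-ALLOW IN=eth1 OUT=eth2 SRC=10.1.0.23 DST=10.2.0.8 PROTO=TCP SPT=40200 DPT=25
May 13 10:02:00 fw kernel: LAN-DENY IN=eth2 OUT=eth1 SRC=10.2.0.40 DST=10.1.0.9 PROTO=TCP SPT=51000 DPT=1433
May 13 10:03:00 fw kernel: LAN-DENY IN=eth1 OUT=eth0 SRC=10.1.0.50 DST=192.0.2.53 PROTO=UDP SPT=5353 DPT=53
May 13 10:04:00 fw kernel: LAN-DENY IN=eth1 OUT=eth2 SRC=10.1.0.77 DST=
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse_denies(text, tag="LAN-DENY"):
    """Yield (src, dst, proto, dport) for each tagged deny line that crosses between the two LANs."""
    for line in text.splitlines():
        if tag not in line:
            continue  # permitted traffic and unrelated messages
        f = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        if (src in LAN_A and dst in LAN_B) or (src in LAN_B and dst in LAN_A):
            yield str(src), str(dst), f.get("PROTO", "?"), f.get("DPT", "-")  # no DPT on ICMP

def knob_twists(text, min_targets=3):
    """Map each source to its distinct denied (dst, proto, dport) targets, if at or over the threshold."""
    seen = defaultdict(set)
    for src, dst, proto, dport in parse_denies(text):
        seen[src].add((dst, proto, dport))
    return {s: sorted(t) for s, t in seen.items() if len(t) >= min_targets}

if __name__ == "__main__":
    for src, targets in knob_twists(SAMPLE_LOG).items():
        print(src, "was denied on", len(targets), "distinct targets:", targets)
```

Repeated attempts against the same port count once, so a single misconfigured application retrying one blocked service stays below the threshold while a host trying many ports stands out.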