Current config:

Currently, the Bass connection to the internet is as follows:

  1. A workstation is supplied with a static address and connected to the 3COM switch.
  2. The 3COM switch is connected to the Bass server.
  3. The Bass server proxies traffic from one network to another
  4. The Bass server is connected to one of two switches in the wiring closet. Depending on which one is its first connection, the traffic passes through one or two switches.
  5. The traffic then proceeds to Acceleration's machine room.

This configuration is not desirable, for several reasons:

  1. The network configuration is incorrect for the firewall setup that Bass would like implemented. Bass would like the local network configuration to be a particular "subnet". Currently, a different subnet is in use, necessitating renumbering all computers.
  2. All network configuration is static, so changes require manually reconfiguring each individual workstation. If more of the network configuration had been designed dynamically, the changes necessary for the firewall install would have been much simpler.
  3. All network traffic must pass through a server proxy. This makes configuration and addition of new machines unnecessarily complex.

Additionally, large portions of the network are poorly understood. This is unlikely to pose a security risk at present, but it could. It definitely presents a confusing configuration problem.

Desired config:

Alleve proposes the following design:

  1. A workstation is connected to a local switch, and is configured with a dynamic address.
  2. The switch is connected to the Bass firewall.
  3. The firewall is connected to