Let me ask all of you a fairly generic question that should garner
lots of different ideas. Let us say that you have gone to work for a
new company as a network admin. It is a fairly complex network with
multiple routers, switches and firewalls (a firewall for every router,
let's say). The current network team has no formal training and has
done all of their learning on the job, following a contracting company
who was paid to initially set up the network.

Okay, so how would you go about mapping out this network? You don't
have the understanding of devices by name yet, and each device is
likely to have 20 interfaces on it, with 20 IPs for 20 networks! You
live on a "management network", but it's only "management" because
it's a subnet which has been given telnet access to all of the devices
on the network - in other words, scanning with your usual tool (LAN
MapShot from Fluke - in my case, because it CAN start a pretty good
network diagram directly in Visio) from your "management" network
won't show you anything more than it will from any other subnet.

Follow what I mean? Ideas? Pretend the network is yours and you're
free to change anything you want - where would you start?
firewall-wizards mailing list