> > we are going to put in a firewall. > > do we want to give it a *WHOLE* class C license (all 256 nodes?????) > by itself, so that any traffic that wants to go out wont be on > the major (internal) backbone, or is that just silly??? > Well, first lets clarify the question. If by "it" you mean the firewall device itself, its certainly not necessary to allocate an entire class "c" network address for a single device. In fact, you really can't because the interfaces on the box must belong to the IP network(s) that share the "wire" (or cloud, as it were). If you are installing the device on its own network segment, than you must allocate a different network (or subnet) to this perimeter network. Cheers, _______________________________________________________________________________ Paul Ferguson US Sprint Enterprise Internet Engineering tel: 703.904.2437 Herndon, Virginia USA internet: paul@hawk.sprintmrn.com