Dynamic routing on firewalls.

• Previous message (by thread): Dynamic routing on firewalls.
• Next message (by thread): Dynamic routing on firewalls.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, February 5, 2015 20:02, Joe Hamelin wrote:
>> On Feb 5, 2015, at 2:49 PM, Ralph J.Mayer <rmayer at nerd-residenz.de>
>> wrote:
>> a router is a router and a firewall is a firewall. Especially a Cisco ASA
>> is no router, period.
>
> Man-o-man did I find that out when we had to renumber our network after
> we got bought by the French.

> Oh, I'll just pop on a secondary address on this interface... What?

> Needed to go through fits just to get a hairpin route in the thing.

> The ASA series is good at what it does, just don't plan on it acting like
>  router IOS.

Sorry, but I'm with Owen.

Square : Rectangle :: Firewall : Router

A firewall is a router, despite how much so many security folk try to deny
it.  And firewalls that seem to try to intentionally be crappy routers
(ie, ASAs) have no place in my network.

If it can't be a decent router, then its going to suck as a firewall too,
because a firewall has to be able to play nice with the rest of the
network, and if they can't do that, then I have no use for them.  I'll get
a firewall that does.

-- 
Jeff

• Previous message (by thread): Dynamic routing on firewalls.
• Next message (by thread): Dynamic routing on firewalls.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]