ACLs vs. full firewalls

Michael Helmeste mhelmest at uvic.ca
Tue Apr 7 22:29:27 UTC 2009


While there are no specific audit requirements, overall traffic auditing
(not just for dropped packets) is definitely something I'm considering.
One way of gathering this data without using a firewall would seem to be
netflow; I don't think netflow specifically calls out (or even shows?)
traffic blocked by ACLs though, which could be a point for consideration.

Eric Gauthier wrote:
> Michael,
> 
> Do you have logging or audit requirements for your filters?
> We use ACLs almost everywhere for non-stateful filtering, but
> there are a few locations (e.g. HIPAA) that require an
> audit trail which is perhaps better accomplished by a firewall.
> 
> Eric :)
> [...]

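As an added illustration of the gap Michael points at (this is not code from the thread): flow export records only traffic the router forwarded, so ACL drops reach an audit trail only if the ACL entries themselves log. The script below merges constructed flow records with constructed Cisco-IOS-style ACL syslog lines (that message format is assumed for illustration) into one record list and totals the denied packets, which is the part NetFlow alone never shows.

```python
import re
from collections import Counter

# Constructed sample data (not from the thread). Flow export, simplified here to
# CSV "src,dst,proto,dport,packets", only records traffic the router forwarded.
FLOW_CSV = """\
10.1.1.5,192.0.2.10,tcp,443,12
10.1.1.5,192.0.2.20,udp,53,2
10.1.1.9,192.0.2.10,tcp,443,3
"""

# Constructed syslog lines in the shape of Cisco IOS ACL "log" messages (format
# assumed for illustration); ACL denies are visible only through such logs.
ACL_SYSLOG = """\
Apr  7 22:10:01 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.7(51234) -> 192.0.2.10(22), 1 packet
Apr  7 22:10:04 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.7(51235) -> 192.0.2.10(22), 4 packets
Apr  7 22:11:30 rtr1 %SEC-6-IPACCESSLOGP: list 101 permitted udp 10.1.1.5(4000) -> 192.0.2.20(53), 1 packet
"""

ACL_RE = re.compile(
    r"list (?P<acl>\S+) (?P<action>denied|permitted) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\(\d+\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

def parse_flows(text):  # forwarded traffic, as flow export reports it
    rows = []
    for line in text.splitlines():
        src, dst, proto, dport, pkts = line.split(",")
        rows.append({"src": src, "dst": dst, "proto": proto, "dport": int(dport),
                     "pkts": int(pkts), "action": "forwarded", "source": "netflow"})
    return rows

def parse_acl_log(text):  # permit/deny decisions, as ACL logging reports them
    rows = []
    for m in (ACL_RE.search(line) for line in text.splitlines()):
        if m:  # lines that are not ACL log messages are skipped
            rows.append({"src": m["src"], "dst": m["dst"], "proto": m["proto"],
                         "dport": int(m["dport"]), "pkts": int(m["pkts"]),
                         "action": m["action"], "source": "acl " + m["acl"]})
    return rows

def audit_trail(flow_text, acl_text):  # one list covering forwarded and denied traffic
    return parse_flows(flow_text) + parse_acl_log(acl_text)

def denied_packets(records):  # packets present only because the ACL logged the deny
    c = Counter()
    for r in records:
        if r["action"] == "denied":
            c[(r["src"], r["dst"], r["dport"])] += r["pkts"]
    return dict(c)
```

Without the ACL log input, `denied_packets` over the flow records alone is empty, which is exactly the blind spot the thread describes.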
More information about the NANOG mailing list