I don't need no stinking firewall!

Joe Maimon jmaimon at ttec.com
Thu Jan 14 11:13:07 CST 2010


Dobbins, Roland wrote:
>
> On Jan 10, 2010, at 1:22 PM, harbor235 wrote:
>
>> Again, a firewall has it's place just like any other device in the network, defense in>>>  depth is a prudent philosophy to reduce the chances of compromise, it does not>>>eliminate it nor does any architecture you can think of, period
>
> What a ridiculous statement - of course it does.
>
> *The place of the stateful firewall is in front of clients, not servers*.
>

Servers can also be clients who can benefit from state tracking.

The best answer I have to that scenario is to make the client path 
different than the server path.

Joe




More information about the NANOG mailing list