Dynamic routing through firewall

Dobbins, Roland rdobbins at arbor.net
Thu Nov 21 00:44:13 UTC 2013


On Nov 21, 2013, at 4:21 AM, Cliff Bowles <cliff.bowles at apollogrp.edu> wrote:

> Finally, if you tried one of the options and it was terrible, please explain.

They're all terrible, heh.

Get the firewalls out of the picture:

<https://app.box.com/s/a3oqqlgwe15j8svojvzl>

Stateful firewalls should not be placed in front of servers, and should not be interposed between eBGP peers.  Whatever access policies are necessary should be expressed in stateless ACLs, as there's no point in putting a stateful inspection device in front of a server which receives unsolicited communications, and many reasons for not doing so.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton




