Firewall Wizards mailing list archives
Re: VPN and firewalls
From: "Paul D. Robertson" <proberts () clark net>
Date: Sat, 7 Feb 1998 21:35:05 -0500 (EST)
On Fri, 6 Feb 1998, Rik Farrow wrote:
> I am curious about why people are choosing VPN solutions which are independent of firewalls, for example, Aventail or TimeStep.

Well, I'd choose it if I had to pass that VPN traffic through an application layer gateway, and wanted to clearly delineate that traffic as it hit the firewall, put it past an IDS, or if my end of the VPN had to be under the control of the operations staff, or if there was enough change (keys or files) on that gateway that I didn't want to have to constantly audit the bastion host.

> Do people poke these streams through their firewalls?

I sure wouldn't.

> Is it a matter of performance?

That's an argument to be made for off-bastion VPNing.

> Why pay extra for VPN capability which is already included in many firewalls?

Maybe the included solution isn't as auditable, or doesn't have strong enough crypto?

> I am looking for answers from people who have tried both methods: using the VPN as standalone product or bundled with their firewall.

I'm just throwing out answers off the top of my head, I've been successful so far in having to extend my security boundaries with VPNs, dial-up is bad enough...

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net   which may have no basis whatsoever in fact."
PSB#9280