Firewall Wizards mailing list archives
RE: Random Questions
From: "Andrew J. Luca" <andrewluca () mediaone net>
Date: Mon, 17 May 1999 07:34:42 -0400
I don't think that it is a question of which would be "more secure" rather it is a question of "what functionality are you looking for?" A true switch is a bridge and thus only provides MAC layer filtering for an ethernet connection. Although you can do cool offsets and stuff to filter IP packets it's a huge pain (been there, done that). If you are looking to be able to easily filter packets through ACLs which are easy to configure (relative to a switch) and are built for this purpose choose a router. Now that I have said that, I do understand that there are switches on the market which have the capability to provide Layer-3 filtering (e.g. packet filtering like a router). However, this is still a router in that case. They have just made the offset stuff transparent to the user. Given the fact that you can get a low end Cisco router with 2E at a pretty cheap price, buy the router. The only thing that you would get from a switch is the ability to do port mirroring. This can come in handy but you generally are talking about a pretty expensive box and if you are planning on using anything more than a couple of T-1's, the switch is going to be the bottleneck while mirroring. DrewL
-----Original Message----- From: owner-firewall-wizards () nfr net [mailto:owner-firewall-wizards () nfr net]On Behalf Of Rex Murphy Sent: Friday, May 14, 1999 7:04 PM To: firewall-wizards () nfr net Subject: Random Questions What is more secure, a switch or a router? If I had a network and was running firewall-1 what would be more secure a switch or a router in between the internet and the firewall?
Current thread:
- Random Questions Rex Murphy (May 16)
- RE: Random Questions Andrew J. Luca (May 17)