Firewall Wizards mailing list archives

Re: Multiple firewalls from different manufacturers


From: "Paul D. Robertson" <paul () compuwar net>
Date: Fri, 28 Jan 2005 15:43:55 -0500 (EST)

On Fri, 28 Jan 2005 damnliberals () gmail com wrote:

> Why is it bad?  We're looking at a manufacturer of those "all in one"

Look at the parsing errors in say Ethereal plug-ins to see why code rate
of change for decoding complex protocols is not a great thing.

If you've got a single layer of failure with dynamic changes to its
codebase on the outside of your network, then you're almost certain to
have issues at some point.

I sure wouldn't want to put one on the outside as my sole firewall.

> firewalls: AV, IPS, VPN, content filtering.  I see the IPS as sort of
> a bonus that we can turn on if we want.  I prefer a best of breed
> approach with multiple devices, but upper mgmt wants easy
> administration and fast implementation.

If upper management is making operational decisions, you need to
re-educate them as to their role.  If your firewall is taking up enough
time to be anything noticeable administration-wise, then your rulesets are
way too complex and your admins need to be re-educated ;)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

