nanog mailing list archives
Re: Dynamic routing on firewalls.
From: Bill Thompson <billt () mahagonny com>
Date: Fri, 06 Feb 2015 08:39:18 -0800
Just because a cat has kittens in the oven, you don't call them biscuits. A firewall can route, but it is not a router. Both have specialized tasks. You can fix a car with a swiss army knife, but why would you want to? -- Bill Thompson billt () mahagonny com On February 5, 2015 7:19:43 PM PST, Jeff McAdams <jeffm () iglou com> wrote:
On Thu, February 5, 2015 20:02, Joe Hamelin wrote:On Feb 5, 2015, at 2:49 PM, Ralph J.Mayer <rmayer () nerd-residenz de> wrote: a router is a router and a firewall is a firewall. Especially aCisco ASAis no router, period.Man-o-man did I find that out when we had to renumber our networkafterwe got bought by the French.Oh, I'll just pop on a secondary address on this interface... What?Needed to go through fits just to get a hairpin route in the thing.The ASA series is good at what it does, just don't plan on it actinglikerouter IOS.Sorry, but I'm with Owen. Square : Rectangle :: Firewall : Router A firewall is a router, despite how much so many security folk try to deny it. And firewalls that seem to try to intentionally be crappy routers (ie, ASAs) have no place in my network. If it can't be a decent router, then its going to suck as a firewall too, because a firewall has to be able to play nice with the rest of the network, and if they can't do that, then I have no use for them. I'll get a firewall that does.
Current thread:
- Re: Dynamic routing on firewalls., (continued)
- Re: Dynamic routing on firewalls. Eugeniu Patrascu (Feb 05)
- Re: Dynamic routing on firewalls. Ray Soucy (Feb 05)
- Re: Dynamic routing on firewalls. David Jansen (Feb 05)
- Re: Dynamic routing on firewalls. David Jansen (Feb 05)
- Re: Dynamic routing on firewalls. ML (Feb 05)
- Re: Dynamic routing on firewalls. santiago martinez (Feb 05)
- Re: Dynamic routing on firewalls. Ray Soucy (Feb 05)
- Re: Dynamic routing on firewalls. Ralph J.Mayer (Feb 05)
- Re: Dynamic routing on firewalls. Owen DeLong (Feb 05)
- Re: Dynamic routing on firewalls. Joe Hamelin (Feb 05)
- Re: Dynamic routing on firewalls. Jeff McAdams (Feb 05)
- Re: Dynamic routing on firewalls. Bill Thompson (Feb 06)
- Re: Dynamic routing on firewalls. Doug Barton (Feb 06)
- Re: Dynamic routing on firewalls. Owen DeLong (Feb 07)
- Re: Dynamic routing on firewalls. BPNoC Group (Feb 08)
- Re: Dynamic routing on firewalls. Jeff McAdams (Feb 08)
- Re: Dynamic routing on firewalls. BPNoC Group (Feb 08)
- Re: Dynamic routing on firewalls. Owen DeLong (Feb 08)
- Re: Dynamic routing on firewalls. Rich Kulawiec (Feb 09)
- Re: Dynamic routing on firewalls. Eugeniu Patrascu (Feb 09)
- Re: Dynamic routing on firewalls. Owen DeLong (Feb 05)
- Re: Dynamic routing on firewalls. Eugeniu Patrascu (Feb 05)
- Re: Dynamic routing on firewalls. Patrick Tracanelli (Feb 08)
- Re: Dynamic routing on firewalls. Owen DeLong (Feb 08)