Firewall Wizards mailing list archives
Re: Multiple firewalls from different manufactureres
From: "Paul D. Robertson" <paul () compuwar net>
Date: Fri, 28 Jan 2005 15:43:55 -0500 (EST)
On Fri, 28 Jan 2005 damnliberals () gmail com wrote:
Why is it bad? We're looking at a manufacturer of those "all in one"
Look at the parsing errors in say Ethereal plug-ins to see why code rate of change for decoding complex protocols is not a great thing. If you've got a single layer of failure with dynamic changes to its codebase on the outside of your network, then you're almost certain to have issues at some point. I sure wouldn't want to put one on the outside as my sole firewall.
firewalls: AV, IPS, VPN, content filtering. I see the IPS as sort of a bonus that we can turn on if we want. I prefer a best of breed approach with multiple devices, but upper mgmt wants easy administration and fast implementation.
If upper management is making operational decisions, you need to re-educate them as to their role. If your firewall is taking up enough time to be anything noticible administration-wise, then your rulesets are way too complex and your admins need to be re-educated ;) Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- NAT for public IPs Jose Hidalgo Herrera (Jan 28)
- Re: NAT for public IPs Paul D. Robertson (Jan 28)
- Re: NAT for public IPs Kevin (Jan 28)
- <Possible follow-ups>
- Re: NAT for public IPs Randy Grimshaw (Jan 28)
- Re: Multiple firewalls from different manufactureres damnliberals (Jan 28)
- Re: Multiple firewalls from different manufactureres Paul D. Robertson (Jan 28)
- Re: Multiple firewalls from different manufactureres damnliberals (Jan 28)