Firewall Wizards mailing list archives
Re: Screening Router as a firewall
From: Brenno Hiemstra <brenno.hiemstra () gmail com>
Date: Fri, 25 Mar 2005 10:49:28 +0100
Shimon, My favorite setup is having a router in front of a (preferred other brand) firewall. With this setup you can deny the most obvious network traffic (spoofing, rpc ports, netbios ports, ports you definately dont use, etc) already on the router. This way you dont have this traffic seen on your firewall. Which could result in a better performance and less loginformation you are not looking for in the first place. The router can be a simple ACL but I definately advice the firewall(s) to be statefull. Brenno Hiemstra On Thu, 24 Mar 2005 15:37:57 +0200, Shimon Silberschlag <shimons () bll co il> wrote:
Hello group, Having a request for at least 2 firewalls protecting internet connectivity, would you consider a border router with ACLs as the first firewall, or would you demand to implement ACLs on the router and 2 other "traditional" firewalls? If you select the first option, would simple "packet filter" type ACLs suffice, or would you demand "stateful" ACLs? (I believe Cisco calls its implementation CBAC). If you select the second option, would you demand that the 2 firewalls be of different brand, different technology or can they be the same product? Can ISA2004 serve as the second, internal facing firewall? Anyone using it as such? TIA, Shimon Silberschlag +972-3-9351572 +972-50-7207130 _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Screening Router as a firewall Shimon Silberschlag (Mar 24)
- Re: Screening Router as a firewall Brenno Hiemstra (Mar 30)
- Re: Screening Router as a firewall Kevin (Mar 30)
- RE: Screening Router as a firewall Steve Fletcher (Mar 30)
- <Possible follow-ups>
- Re: Screening Router as a firewall Avishai Wool (Mar 30)
- Re: Screening Router as a firewall vbwilliams (Mar 30)
- Re: Screening Router as a firewall jfvanmeter (Mar 30)