Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Screening Router as a firewall

From: vbwilliams () neb rr com
Date: Thu, 24 Mar 2005 14:55:31 -0700
Don't the answers to all these questions depend on what you're trying to accomplish based on your network policies?  In 
some cases I use ACLs on my *borders*.  In other cases, I don't.  The situation and policy determines your 
implementation...not the other way around.

Victor Williams
Network Architect


----- Original Message -----
From: Shimon Silberschlag <shimons () bll co il>
Date: Thursday, March 24, 2005 6:37 am
Subject: [fw-wiz] Screening Router as a firewall


Hello group,

Having a request for at least 2 firewalls protecting internet 
connectivity, 
would you consider a border router with ACLs as the first 
firewall, or would 
you demand to implement ACLs on the router and 2 other 
"traditional" 
firewalls?

If you select the first option, would simple "packet filter" type 
ACLs 
suffice, or would you demand "stateful" ACLs?
(I believe Cisco calls its implementation CBAC).
If you select the second option, would you demand that the 2 
firewalls be of 
different brand, different technology or can they be the same product?

Can ISA2004 serve as the second, internal facing firewall? Anyone 
using it 
as such?

TIA,

Shimon Silberschlag

+972-3-9351572
+972-50-7207130

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: