Firewall Wizards mailing list archives

null routes and VPNs


From: Kerry Milestone <km4 () sanger ac uk>
Date: Tue, 20 May 2008 16:14:53 +0100

Hello,

Is it a wise idea to put a default route on the inside (trusted) side of a firewall with a high metric, for when a VPN drops? Essentially, blackholing all traffic until the VPN comes back and the default route is again the end of the VPN?

Assuming there is a rule on the outside which allows only VPN traffic from the other end (point to point, and only traffic allowed through the VPN), should both ends of the VPN have null routes for when it's down (for traffic within the VLAN for this VPN)?

What would be the implementation side effects? Something along the lines of: once the VPN is up, it's a matter of the timeout on the routing protocol (say OSPF) to propagate the default route? Should a modernish firewall do this automagically anyway?

Cheers,
Kerry.



--
The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
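The "floating" null default route the post asks about, written out as an added example for one end of the tunnel. This is not configuration from the original post or from the poster's site; the post names no platform, so Cisco IOS syntax is assumed, and every interface name, address, profile name and OSPF area is constructed for illustration. IOS selects between static routes by administrative distance rather than metric, so the "high metric" in the post becomes a high AD on the Null0 route:

```cisco
! Site A firewall/router, inside-facing side (constructed example, not the poster's config)
! Assumes an IPsec VTI: Tunnel0's line protocol follows the IPsec SA, so its
! static route is withdrawn automatically when the VPN drops.
interface Tunnel0
 description IPsec VTI to site B
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VPN-PROFILE
!
! Preferred default (AD 10): everything from the trusted side goes into the tunnel.
ip route 0.0.0.0 0.0.0.0 Tunnel0 10
!
! Floating default (AD 250): only installed once the Tunnel0 route is gone,
! so trusted traffic is dropped on the floor instead of leaking out in clear
! via the physical next hop while the VPN is down.
ip route 0.0.0.0 0.0.0.0 Null0 250
!
! Underlay reachability: a host route to the peer via the physical next hop.
! Without it, the tunnel endpoint would resolve via the tunnel itself
! (recursive routing) or, when the VPN is down, into Null0, and the tunnel
! could never re-establish.
ip route 198.51.100.2 255.255.255.255 203.0.113.1
!
! Advertise the default into the trusted side. Because the Null0 route keeps a
! default in the RIB at all times, the inside OSPF neighbours see no change
! when the VPN flaps; only this box's forwarding decision changes.
router ospf 1
 network 10.10.0.0 0.0.255.255 area 0
 passive-interface GigabitEthernet0/0
 default-information originate
```

The same fragment, with addresses mirrored, goes on the site B device. Failover time is then governed by how quickly the tunnel interface is declared down (IPsec DPD or tunnel keepalive timers), not by OSPF timers, since the interior routers keep pointing at the firewall throughout. The outside rule that permits only the peer's VPN traffic is still needed: the Null0 route covers traffic originating inside, not packets arriving from the untrusted side.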

