Firewall Wizards mailing list archives
null routes and VPN's
From: Kerry Milestone <km4 () sanger ac uk>
Date: Tue, 20 May 2008 16:14:53 +0100
Hello,is it a wise idea to put a default route on the inside (trusted) side of a firewall with a high metric for when a VPN drops. Essentially, blackholing all traffic until the VPN comes back and the default route is again the end of the VPN?
Assuming there is a rule on the outside which allows only VPN traffic from the other end (point to point and only traffic allowed through the VPN) should both ends of the VPN have null routes for when its down ( for traffic within the VLAN for this VPN)?
What would be the implementation side affects, something along the lines of once the VPN is up its a matter of timeout on the routing protocol (say OSPF) to propagate the default route? Should a modernish firewall do this automagically anyway??
Cheers, Kerry. --The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. _______________________________________________
firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Auditing a firewall rulebase arvind doraiswamy (May 19)
- Re: Auditing a firewall rulebase Darden, Patrick S. (May 20)
- Re: Auditing a firewall rulebase Chuck Benson (May 27)
- Re: Auditing a firewall rulebase kevin horvath (May 20)
- null routes and VPN's Kerry Milestone (May 20)
- Re: null routes and VPN's Lord Sporkton (May 27)
- Re: Auditing a firewall rulebase Lord Sporkton (May 20)
- Re: Auditing a firewall rulebase R. DuFresne (May 27)
- Re: Auditing a firewall rulebase Paul Melson (May 20)
- Re: Auditing a firewall rulebase Darden, Patrick S. (May 20)