nanog mailing list archives
RE: BGP and Firewalls...
From: "Holmes,David A" <dholmes () mwdh2o com>
Date: Wed, 7 Dec 2011 10:19:58 -0800
My concern is whether or not consolidating border router and firewall functions in the same device violates, if not explicitly, then the spirit of the "defense in depth" Internet edge design principle. Here is a link to a Department of Homeland Security document where this is discussed (for control systems, but has general application), but not addressed directly: http://www.inl.gov/technicalpublications/Documents/3375141.pdf The old Checkpoint/Nokia firewalls consolidated routing and firewall functions, but the question is one of layered defenses, such that it seems intuitive that it is inherently more difficult for the bad actor to penetrate network defenses the more devices that have to be penetrated. -----Original Message----- From: Gregory Croft [mailto:gcroft () shoremortgage com] Sent: Wednesday, December 07, 2011 10:04 AM To: Christopher Morrow Cc: nanog () nanog org Subject: RE: BGP and Firewalls... I'm not having problems... Well, not yet anyways. :) Just investigating to see if there is a reason I shouldn't use a firewall at the edge versus a dedicated router as well as to see if anyone can share their specific experience with the PAN devices. Thanks everyone! Greg -----Original Message----- From: christopher.morrow () gmail com [mailto:christopher.morrow () gmail com] On Behalf Of Christopher Morrow Sent: Wednesday, December 07, 2011 12:44 PM To: Gregory Croft Cc: nanog () nanog org Subject: Re: BGP and Firewalls... On Wed, Dec 7, 2011 at 12:31 PM, Gregory Croft <gcroft () shoremortgage com> wrote:
Hi All, Does anyone have any experience with using firewalls as edge devices when BGP is concerned? Specifically the Palo Alto series of devices.
nokia/checkpoint has done this for ages. what's the problem you have? This communication, together with any attachments or embedded links, is for the sole use of the intended recipient(s) and may contain information that is confidential or legally protected. If you are not the intended recipient, you are hereby notified that any review, disclosure, copying, dissemination, distribution or use of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by return e-mail message and delete the original and all copies of the communication, along with any attachments or embedded links, from your system.
Current thread:
- BGP and Firewalls... Gregory Croft (Dec 07)
- Re: BGP and Firewalls... Christopher Morrow (Dec 07)
- RE: BGP and Firewalls... Gregory Croft (Dec 07)
- RE: BGP and Firewalls... Holmes,David A (Dec 07)
- Re: BGP and Firewalls... Leo Bicknell (Dec 07)
- Re: BGP and Firewalls... Dobbins, Roland (Dec 07)
- Re: BGP and Firewalls... Cameron Byrne (Dec 07)
- Re: BGP and Firewalls... Justin M. Streiner (Dec 07)
- Re: BGP and Firewalls... -Hammer- (Dec 08)
- RE: BGP and Firewalls... Gregory Croft (Dec 07)
- Re: BGP and Firewalls... Christopher Morrow (Dec 07)
- Re: BGP and Firewalls... Christopher Morrow (Dec 07)
- Re: BGP and Firewalls... Dobbins, Roland (Dec 07)
- Message not available
- Re: BGP and Firewalls... David (Dec 09)