nanog mailing list archives

Firewalls in service provider environments

From: "Matthew Reath" <matt () mattreath com>
Date: Tue, 7 Feb 2012 15:31:21 -0600

All,

Looking for some recommendations on firewall placement in service provider
environments.  I'm of the school of thought that in my SP network I do as
little firewalling/packet filtering as possible. As in none, leave that to
my end users or offer a "managed" firewall solution where if a customer
signs up for the extra service I put him in a VRF or VLAN that is "behind"
a firewall and manage that solution for them. Otherwise I don't prefer to
have a firewall inline in my service provider network for all customer
traffic to go through. I can accomplish filtering of known bad ports on my
edge routers either facing my customers or upstream providers.

What is the group's thought on this?

-Matt

--
Matt Reath
CCIE #27316 (SP)
matt () mattreath com | http://mattreath.com
Twitter: http://twitter.com/mpreath

Current thread:

Firewalls in service provider environments Matthew Reath (Feb 07)
- RE: Firewalls in service provider environments Leigh Porter (Feb 07)
  - RE: Firewalls in service provider environments Matthew Reath (Feb 07)
    - Re: Firewalls in service provider environments William Herrin (Feb 07)
    - Re: Firewalls in service provider environments Matthew Reath (Feb 07)
    - Re: Firewalls in service provider environments Matt Buford (Feb 07)
    - Re: Firewalls in service provider environments Matthew Reath (Feb 08)
    - Re: Firewalls in service provider environments Christopher Morrow (Feb 08)
    - Re: Firewalls in service provider environments Matthew Reath (Feb 08)
    - Re: Firewalls in service provider environments Henry Yen (Feb 08)
    - Re: Firewalls in service provider environments David Walker (Feb 09)

(Thread continues...)