nanog mailing list archives
Firewalls in service provider environments
From: "Matthew Reath" <matt () mattreath com>
Date: Tue, 7 Feb 2012 15:31:21 -0600
All, Looking for some recommendations on firewall placement in service provider environments. I'm of the school of thought that in my SP network I do as little firewalling/packet filtering as possible. As in none, leave that to my end users or offer a "managed" firewall solution where if a customer signs up for the extra service I put him in a VRF or VLAN that is "behind" a firewall and manage that solution for them. Otherwise I don't prefer to have a firewall inline in my service provider network for all customer traffic to go through. I can accomplish filtering of known bad ports on my edge routers either facing my customers or upstream providers. What is the group's thought on this? -Matt -- Matt Reath CCIE #27316 (SP) matt () mattreath com | http://mattreath.com Twitter: http://twitter.com/mpreath
Current thread:
- Firewalls in service provider environments Matthew Reath (Feb 07)
- RE: Firewalls in service provider environments Leigh Porter (Feb 07)
- RE: Firewalls in service provider environments Matthew Reath (Feb 07)
- Re: Firewalls in service provider environments William Herrin (Feb 07)
- Re: Firewalls in service provider environments Matthew Reath (Feb 07)
- Re: Firewalls in service provider environments Matt Buford (Feb 07)
- Re: Firewalls in service provider environments Matthew Reath (Feb 08)
- Re: Firewalls in service provider environments Christopher Morrow (Feb 08)
- Re: Firewalls in service provider environments Matthew Reath (Feb 08)
- Re: Firewalls in service provider environments Henry Yen (Feb 08)
- Re: Firewalls in service provider environments David Walker (Feb 09)
- RE: Firewalls in service provider environments Matthew Reath (Feb 07)
- RE: Firewalls in service provider environments Leigh Porter (Feb 07)