nanog mailing list archives

Re: Dynamic routing through firewall


From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Thu, 21 Nov 2013 00:44:13 +0000


On Nov 21, 2013, at 4:21 AM, Cliff Bowles <cliff.bowles () apollogrp edu> wrote:

> Finally, if you tried one of the options and it was terrible, please explain.

They're all terrible, heh.

Get the firewalls out of the picture:

<https://app.box.com/s/a3oqqlgwe15j8svojvzl>

Stateful firewalls should not be placed in front of servers, and should not be interposed between eBGP peers. Whatever access policies are necessary should be expressed in stateless ACLs, as there's no point in putting a stateful inspection device in front of a server which receives unsolicited communications, and many reasons for not doing so.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

          Luck is the residue of opportunity and design.

                       -- John Milton


