Re: [fw-wiz] OSPF on Firewall

• Previous message: Marcus J. Ranum: "Re: [fw-wiz] You'll never get fired for recommending IBM - sorry - Microsoft"
• In reply to: Shimon Silberschlag: "[fw-wiz] OSPF on Firewall"
• Next in thread: Gary Flynn: "Re: [fw-wiz] OSPF on Firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Shimon Silberschlag <shimons@bll.co.il>
Date: Thu, 18 Dec 2003 08:53:08 +1100

On Wed, 2003-12-17 at 19:01, Shimon Silberschlag wrote:
> Lets say that I have two routers (on an internal network) that talk OSPF
> between them.
> Now I have to insert a firewall in-between the two routers.

> I am led to believe (by the Communications people I work with) that there is
> no other option but to install OSPF on the firewall, which doesn't make me
> feel easy about the solution.

> Is it true that there is no other way around this problem?

Firstly I would highly recommend AGAINST installing routing protocols on
your firewalls. The Pros and Cons have been debated here many times.

I don't see why you just can't pass the OSPF traffic through the
firewall, using a GRE tunnel. Being able to setup a GRE tunnel is
dependent on your routers however.

Regards,
Luke Butcher
Network/Security Consultant
www.alphawest.com.au

--
Alphawest Disclaimer
---------------------------------------------------------------------------
If this communication is not intended for you and you are not an authorised
recipient of this email you are prohibited by law from dealing with or
relying on the email or any file attachments. This prohibition includes
reading, printing, copying, re-transmitting, disseminating, storing or in
any other way dealing or acting in reliance on the information.
If you have received this email in error, we request you contact Alphawest 
immediately by returning the email to postmaster@alphawest.com.au and
destroy the original. This email is confidential and may contain privileged
client information. Alphawest  has taken reasonable steps to ensure the
accuracy and integrity of all its communications, including electronic
communications, but accepts no liability for materials transmitted.
---------------------------------------------------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Marcus J. Ranum: "Re: [fw-wiz] You'll never get fired for recommending IBM - sorry - Microsoft"
• In reply to: Shimon Silberschlag: "[fw-wiz] OSPF on Firewall"
• Next in thread: Gary Flynn: "Re: [fw-wiz] OSPF on Firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: [fw-wiz] OSPF on Firewall ... Being a dynamic routing protocol, I'm assuming you want to pass OSPF ... Cisco routers, you can use the "neighbor" command within OSPF ... From the firewall perspective, you would need to allow OSPF traffic to ... (Firewall-Wizards) Re: Misconceptions ... I admit Firewalls and Routers aren't the exact same thing (of ... Personal Firewall, I wonder if that program is any good? ... > handled by anti-virus programs, which should be on ... > A NIDS is just that. ... (comp.security.firewalls) Re: Hardware, software or both? ... one more question please regarding routers. ... > 2) Software firewalls are easy for the non-technical computer user to ... > of the personal firewall applications. ... (comp.security.firewalls) Re: [fw-wiz] OSPF on Firewall ... > Lets say that I have two routers that talk OSPF ... > Now I have to insert a firewall in-between the two routers. ... to their underlying bridging configuration to get it to work. ... (Firewall-Wizards) Re: [fw-wiz] OSPF on Firewall ... > Now I have to insert a firewall in-between the two routers. ... Forward the OSPF traffic in bridge mode with MAC address, ... Do static routing between the routers, ... (Firewall-Wizards)