Re: [fw-wiz] OSPF on Firewall

From: Luke Butcher (luke.butcher_at_alphawest.com.au)
Date: 12/17/03

  • Next message: Gary Flynn: "Re: [fw-wiz] OSPF on Firewall" 
    To: Shimon Silberschlag <shimons@bll.co.il>
Date: Thu, 18 Dec 2003 08:53:08 +1100

    On Wed, 2003-12-17 at 19:01, Shimon Silberschlag wrote:
    > Lets say that I have two routers (on an internal network) that talk OSPF
    > between them.
    > Now I have to insert a firewall in-between the two routers.

    > I am led to believe (by the Communications people I work with) that there is
    > no other option but to install OSPF on the firewall, which doesn't make me
    > feel easy about the solution.

    > Is it true that there is no other way around this problem?

    Firstly I would highly recommend AGAINST installing routing protocols on
    your firewalls. The Pros and Cons have been debated here many times.

    I don't see why you just can't pass the OSPF traffic through the
    firewall, using a GRE tunnel. Being able to setup a GRE tunnel is
    dependent on your routers however.

    Regards,
    Luke Butcher
    Network/Security Consultant
    www.alphawest.com.au 

    --
Alphawest Disclaimer
---------------------------------------------------------------------------
If this communication is not intended for you and you are not an authorised
recipient of this email you are prohibited by law from dealing with or
relying on the email or any file attachments. This prohibition includes
reading, printing, copying, re-transmitting, disseminating, storing or in
any other way dealing or acting in reliance on the information.
If you have received this email in error, we request you contact Alphawest 
immediately by returning the email to postmaster@alphawest.com.au and
destroy the original. This email is confidential and may contain privileged
client information. Alphawest  has taken reasonable steps to ensure the
accuracy and integrity of all its communications, including electronic
communications, but accepts no liability for materials transmitted.
---------------------------------------------------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
  • Next message: Gary Flynn: "Re: [fw-wiz] OSPF on Firewall"

    Relevant Pages

    • RE: [fw-wiz] OSPF on Firewall
      ... Being a dynamic routing protocol, I'm assuming you want to pass OSPF ... Cisco routers, you can use the "neighbor" command within OSPF ... From the firewall perspective, you would need to allow OSPF traffic to ...
      (Firewall-Wizards)
    • Re: Misconceptions
      ... I admit Firewalls and Routers aren't the exact same thing (of ... Personal Firewall, I wonder if that program is any good? ... > handled by anti-virus programs, which should be on ... > A NIDS is just that. ...
      (comp.security.firewalls)
    • Re: Hardware, software or both?
      ... one more question please regarding routers. ... > 2) Software firewalls are easy for the non-technical computer user to ... > of the personal firewall applications. ...
      (comp.security.firewalls)
    • Re: [fw-wiz] OSPF on Firewall
      ... > Lets say that I have two routers that talk OSPF ... > Now I have to insert a firewall in-between the two routers. ... to their underlying bridging configuration to get it to work. ...
      (Firewall-Wizards)
    • Re: How to Stealth POP3 Port 110 using NIS2000?
      ... | According to the firewall log, that port is not even being probed. ... coming from your ISP's routers, ... Check out the NIS rules for POP3 and SMTP for your e-mail client software. ... "Unused Port Blocking". ...
      (comp.security.firewalls)