[fw-wiz] Screening Router as a firewall

• Previous message: Nick Brandson: "[fw-wiz] Site-to-Site VPN Gateway behind NAT device"
• Next in thread: Brenno Hiemstra: "Re: [fw-wiz] Screening Router as a firewall"
• Reply: Brenno Hiemstra: "Re: [fw-wiz] Screening Router as a firewall"
• Reply: Kevin: "Re: [fw-wiz] Screening Router as a firewall"
• Maybe reply: vbwilliams_at_neb.rr.com: "Re: [fw-wiz] Screening Router as a firewall"
• Reply: Steve Fletcher: "RE: [fw-wiz] Screening Router as a firewall"
• Maybe reply: jfvanmeter_at_comcast.net: "Re: [fw-wiz] Screening Router as a firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Thu, 24 Mar 2005 15:37:57 +0200

Hello group,

Having a request for at least 2 firewalls protecting internet connectivity,
would you consider a border router with ACLs as the first firewall, or would
you demand to implement ACLs on the router and 2 other "traditional"
firewalls?

If you select the first option, would simple "packet filter" type ACLs
suffice, or would you demand "stateful" ACLs?
(I believe Cisco calls its implementation CBAC).
If you select the second option, would you demand that the 2 firewalls be of
different brand, different technology or can they be the same product?

Can ISA2004 serve as the second, internal facing firewall? Anyone using it
as such?

TIA,

Shimon Silberschlag

+972-3-9351572
+972-50-7207130

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Nick Brandson: "[fw-wiz] Site-to-Site VPN Gateway behind NAT device"
• Next in thread: Brenno Hiemstra: "Re: [fw-wiz] Screening Router as a firewall"
• Reply: Brenno Hiemstra: "Re: [fw-wiz] Screening Router as a firewall"
• Reply: Kevin: "Re: [fw-wiz] Screening Router as a firewall"
• Maybe reply: vbwilliams_at_neb.rr.com: "Re: [fw-wiz] Screening Router as a firewall"
• Reply: Steve Fletcher: "RE: [fw-wiz] Screening Router as a firewall"
• Maybe reply: jfvanmeter_at_comcast.net: "Re: [fw-wiz] Screening Router as a firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: using routers ACL to substitute firewall ... First generation firewalls were basically Router's ACLs. ... filter application protocols, which is not possible by Router ACLs. ... (comp.security.misc) Re: using routers ACL to substitute firewall ... First generation firewalls were basically Router's ACLs. ... filter application protocols, which is not possible by Router ACLs. ... (alt.computer.security) RE: [fw-wiz] Screening Router as a firewall ... Personally, I would go with the two "traditional" firewalls, in addition to ... would you consider a border router with ACLs as the first firewall, ... or would you demand "stateful" ACLs? ... (Firewall-Wizards) Re: [fw-wiz] Screening Router as a firewall ... > Having a request for at least 2 firewalls protecting internet ... > would you consider a border router with ACLs as the first ... (Firewall-Wizards)