[fw-wiz] Communication Device Protocols from External router direct through Firewall

I am trying to determine the risks of allowing the following protocols
from my external routers directly through to my internal LAN versus
setting up a DMZ proxy:

SNMP (polling / traps) Syslog, SSH, Tacacs, and Netflow

I know that SNMP and Netflow might provide infrastructure information, but
I fail to see how a DMZ proxy makes this activity more secure given that
information from the DMZ to the firewall would not be encrypted.

Furthermore, SSH and Tacacs are already fully encrypted.

Any advice would be appreciated.


This message is intended solely for the designated recipient(s). It may contain
confidential or proprietary information and may be subject to attorney-client
privilege or other confidentiality protections. If you are not a designated
recipient you may not review, copy or distribute this message.
If you receive this in error, please notify the sender by reply e-mail
and delete this message. Thank you.
firewall-wizards mailing list