Re: router

From: Leythos (void_at_nowhere.com)
Date: 06/16/04


Date: Wed, 16 Jun 2004 12:55:55 GMT

In article <LBTzc.29$M93.24@newsfe5-gui.server.ntli.net>, abuse@
[127.0.0.1] says...
> A better argument (based on the assumption that running anything other than
> firewall software on a firewall is A Bad Idea(tm)), is that a generic[1]
> *nix box can be more versatile, by including things like DMZ routing
> functions.

Actually, a lot of firewall appliances have three networks, the public
side, the trusted side, and the DMZ. Many of the smaller firewall
appliances (not the cheap routers) are now including this same three
port design. Some of the cheaper ones give you the ability to direct all
DMZ traffic to a single IP (not an ideal solution) that you can do
anything you want with (attach a router/NAT and you have another
network).

You are right though, I only run a firewall on the system that is
designated as the firewall. I can't imagine anyone running Office or
Photoshop on a FW-1 firewall box :)

I've found the same as you - an appliance is easier for customers to
maintain, fewer problems for them to work with, and easier on space and
electrical costs - less heat output too in most cases.

-- 
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

