Hi, On Mon, Aug 10, 2020 at 11:33:06PM -0400, Yham wrote: > Thanks for your comments. I kinda agree with you on avoid using transparent > mode however not clear why you wouldn't want your north-south traffic pass > through perimeter security devices (FWs). how would you protect your > network from outside if you don't have firewalls in the traffic path? I > have seen some enterprises use by-pass switches to go around the firewalls > in case of an unexpected failure from where firewalls can't recover.
What is the point of a firewall in front of a web server?
The web server should not have any services running besides "web", and
these have to be available from the outside.
Adding a firewall means "you put a device in front of it that can handle
less load and costs more" - but where's the security gain?
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
