Now it makes sense.

Claudio Jeker wrote:
<snip>
> but it is sitting in the middle of your network passing
> packets. I couldn't sleep with such a system in my core.
> It is also a lot easier to bypass unnoticed a bridging FW/IDS
> than a box that does actual routing.

THAT's why it is called a TRANSPARENT firewall. There's nothing quite like an oxymoron that SOUNDS good. Perfect place to hide all sorts of bad stuff. There is not ONE reason it is a bad idea. There are MANY and I am neither industrious nor competent enough to even crack the surface. However, I am old and crafty enough to NOT stick my hand in the paper sack.