On 10/02/2009, at 11:03 AM, Jack Bates wrote:
There is if you have a dual-stack device, your L4-and-above protocols
are the same under v4 and v6, and you don't want to reinvent the
ALG wheel.
ALG only fixes some problems, and it's not required for as much when
address translations are not being performed.
On a commodity consumer CPE device, the ALG code doubles as a
stateful inspection engine.
So it _is_ required when address translations are not being performed.
Is security something that gets thought about now, or post-deployment?
- mark
--
Mark Newton Email: new...@internode.com.au
(W)
Network Engineer Email:
new...@atdot.dotat.org (H)
Internode Pty Ltd Desk: +61-8-82282999
"Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
