On Fri, Jan 7, 2011 at 9:00 PM, Dobbins, Roland <rdobb...@arbor.net> wrote: > On Jan 8, 2011, at 8:54 AM, William Herrin wrote: >> I presume you don't intend us to conclude that a bastion >> host firewall provides no security benefit to the equipment it >> protects. > > If it's protecting workstations, yes, it has some positive security value - > but not due to NAT.
Hi Roland, I see. Would I misstate your view if I characterized it as: "A bastion host firewall which simulates identical IP addresses on both sides provides at least as effective security as an otherwise identical firewall which does not." Regards, Bill Herrin -- William D. Herrin ................ her...@dirtside.comĀ b...@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
