A good firewall can also be a good router. Of course you can find firewalls that are crappy routers and you can find routers that are crappy firewalls, but generally, the two are not mutually exclusive.
Owen > On Feb 6, 2015, at 08:39 , Bill Thompson <bi...@mahagonny.com> wrote: > > Just because a cat has kittens in the oven, you don't call them biscuits. A > firewall can route, but it is not a router. Both have specialized tasks. You > can fix a car with a swiss army knife, but why would you want to? > -- > Bill Thompson > bi...@mahagonny.com > > On February 5, 2015 7:19:43 PM PST, Jeff McAdams <je...@iglou.com> wrote: >> >> On Thu, February 5, 2015 20:02, Joe Hamelin wrote: >>>> On Feb 5, 2015, at 2:49 PM, Ralph J.Mayer <rma...@nerd-residenz.de> >>>> wrote: >>>> a router is a router and a firewall is a firewall. Especially a >> Cisco ASA >>>> is no router, period. >>> >>> Man-o-man did I find that out when we had to renumber our network >> after >>> we got bought by the French. >> >>> Oh, I'll just pop on a secondary address on this interface... What? >> >>> Needed to go through fits just to get a hairpin route in the thing. >> >>> The ASA series is good at what it does, just don't plan on it acting >> like >>> router IOS. >> >> Sorry, but I'm with Owen. >> >> Square : Rectangle :: Firewall : Router >> >> A firewall is a router, despite how much so many security folk try to >> deny >> it. And firewalls that seem to try to intentionally be crappy routers >> (ie, ASAs) have no place in my network. >> >> If it can't be a decent router, then its going to suck as a firewall >> too, >> because a firewall has to be able to play nice with the rest of the >> network, and if they can't do that, then I have no use for them. I'll >> get >> a firewall that does.
