Re: BGP and Firewalls...

2011-12-16 Thread Patrick Sumby
We run redundant solutions for a number of our customers and have always decoupled the routing and firewalling. I can think of one situation where the customer manages the BGP and firewall failover on their firewalls; it doesn't work too well. The issue as I see it is that in the event of a d

Re: BGP and Firewalls...

2011-12-16 Thread Colin Alston
On Wed, Dec 7, 2011 at 7:31 PM, Gregory Croft wrote:
> Does anyone have any experience with using firewalls as edge devices
> when BGP is concerned?
Doing so very successfully with Fortigate devices.

Re: BGP and Firewalls...

2011-12-09 Thread David
's at the moment and haven't really had any issues with > web filtering. > > > > Thank you, > Gregory S. Croft > > -Original Message- > From: David [mailto:da...@davidswafford.com] > Sent: Thursday, December 08, 2011 9:50 AM > To: Gregory Croft

Re: BGP and Firewalls...

2011-12-08 Thread David
I wouldn't do it. We have 8 x PA-2050s and run into a lot of weird bugs (just doing web filtering)
David
Sent from an email server.
On Dec 7, 2011, at 12:31 PM, "Gregory Croft" wrote:
> Hi All,
>
> Does anyone have any experience with using firewalls as edge devices
> when BGP is

Re: BGP and Firewalls...

2011-12-08 Thread -Hammer-
Roland, While I understand that the definition has nothing to do with IT Security there is no question that many folks use the phrase to summarize a layered IT security model. Edge routers with ACLs to filter white noise go to edge L3/4 firewalls to filter their layer go to load balancers

Re: BGP and Firewalls...

2011-12-07 Thread Justin M. Streiner
On Wed, 7 Dec 2011, Cameron Byrne wrote: On a personal note, it is one of my least favorite terms because it is overused and generally used by people selling things, and defense in depth means throw everything and the kitchen sink at the problem instead of matching threats / risks / vulnerabilit

Re: BGP and Firewalls...

2011-12-07 Thread Cameron Byrne
On Dec 7, 2011 7:49 PM, "Dobbins, Roland" wrote: > > > On Dec 8, 2011, at 1:36 AM, Leo Bicknell wrote: > > > I don't think you're looking at defense in depth in the right way, > > Actually, it sometimes seems as if nobody in the industry understands what 'defense in depth' really means, heh. > On

Re: BGP and Firewalls...

2011-12-07 Thread Dobbins, Roland
On Dec 8, 2011, at 1:36 AM, Leo Bicknell wrote: > I don't think you're looking at defense in depth in the right way, Actually, it sometimes seems as if nobody in the industry understands what 'defense in depth' really means, heh. 'Defense in depth' is a military term of art which equates to 't

Re: BGP and Firewalls...

2011-12-07 Thread Dobbins, Roland
On Dec 8, 2011, at 1:04 AM, Gregory Croft wrote:
> Just investigating to see if there is a reason I shouldn't use a firewall at
> the edge versus a dedicated router
You should only use a dedicated router if you want your network to remain available. ;>
---

Re: BGP and Firewalls...

2011-12-07 Thread Christopher Morrow
On Wed, Dec 7, 2011 at 1:04 PM, Gregory Croft wrote: > I'm not having problems... Well, not yet anyways.  :) > > Just investigating to see if there is a reason I shouldn't use a > firewall at the edge versus a dedicated router as well as to see if > anyone can share their specific experience with

Re: BGP and Firewalls...

2011-12-07 Thread Leo Bicknell
In a message written on Wed, Dec 07, 2011 at 10:19:58AM -0800, Holmes,David A wrote: > My concern is whether or not consolidating border router and firewall > functions in the same device violates, if not explicitly, then the spirit of > the "defense in depth" Internet edge design principle. Her

RE: BGP and Firewalls...

2011-12-07 Thread Holmes,David A
@nanog.org Subject: RE: BGP and Firewalls... I'm not having problems... Well, not yet anyways. :) Just investigating to see if there is a reason I shouldn't use a firewall at the edge versus a dedicated router as well as to see if anyone can share their specific experience with the PAN devic

RE: BGP and Firewalls...

2011-12-07 Thread Gregory Croft
--Original Message- From: christopher.mor...@gmail.com [mailto:christopher.mor...@gmail.com] On Behalf Of Christopher Morrow Sent: Wednesday, December 07, 2011 12:44 PM To: Gregory Croft Cc: nanog@nanog.org Subject: Re: BGP and Firewalls... On Wed, Dec 7, 2011 at 12:31 PM, Gregory Croft wrote

Re: BGP and Firewalls...

2011-12-07 Thread Christopher Morrow
On Wed, Dec 7, 2011 at 12:31 PM, Gregory Croft wrote:
> Hi All,
>
> Does anyone have any experience with using firewalls as edge devices
> when BGP is concerned?
>
> Specifically the Palo Alto series of devices.
nokia/checkpoint has done this for ages. what's the problem you have?